Cracking Tips

Cracking Zip Password Files !!

This walkthrough uses FZC.
What is FZC?
FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (meaning you need a password to open the zip file and extract files out of it). You can get it anywhere; just use a search engine such as altavista.com.




FZC uses two methods of cracking: brute force (guessing passwords systematically until the program gets it) and wordlist attacks (otherwise known as dictionary attacks; instead of guessing systematically, the program takes passwords out of a "wordlist", a text file that contains possible passwords). You can get lots of wordlists at www.theargon.com.




FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.


Reading this tutorial is the easy way to learn how to use this program, but after reading it you should go and check the texts that come with the program and read them all. You will also see the phrase "check name.txt" often in this text. These files should be in FZC's directory and contain more information about FZC.


FZC is a good password recovery tool because it is very fast and also supports resuming, so you don't have to keep the computer turned on until you get the password, as you did some years ago with older cracking programs. You will almost always get the password unless it is longer than 32 chars (a char is a character, which can be anything: a number, a lowercase or uppercase letter, or a symbol such as ! or &), because 32 chars is the maximum length FZC will accept. That limit doesn't really matter, because brute-forcing a 32-char password would take longer than a lifetime; to see the time FZC takes with brute force, open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require wordlists, which you can get from www.theargon.com. There are wordlists in various languages, on various topics, or just miscellaneous wordlists. The bigger the wordlist, the better your chances of cracking the password.


Now that you have a good wordlist, just get FZC working on the locked zip file.




Keep in mind that some people choose really weird passwords (for example: 'e8t7@$^%*gfh), which no wordlist will contain (unless you have a very weird wordlist). If you are unlucky enough to get such a file, having a 200MB list won't help you any more. Instead, you'll have to use a different type of attack. If you are a person who gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is put aside your xxx MB list and start using the brute-force attack.


If you have a really fast new computer and you're afraid you won't be able to use its power to the fullest because the zip cracker doesn't support this kind of hardware, it's your lucky day: FZC has multiple settings for all sorts of hardware and will automatically select the best method.


Now that we've gone through all the theoretical stuff, let's get to the actual commands.




--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------




The command line you'll need for brute force is:


fzc -mb -nzFile.zip -l<char length> -c<type of chars>


If you read the bforce.txt that comes with FZC you'll find a description of how the char length and type of chars work, but I'll explain them here too (still read bforce.txt).


For the char length you can use 4 kinds of switches:


-> A range -> 4-6 : brute-forces from 4-char passwords to 6-char passwords
-> A single length -> 5 : brute-forces only passwords with 5 chars
-> The "all" value -> 0 : brute-forces from length 0 to length 32 (nobody sane does this)
-> The + sign with a number -> 3+ : brute-forces from length 3 to length 32, almost like the previous option


For the type of chars there are 5 switches:


-> a for lowercase letters
-> A for uppercase letters
-> ! for symbols (check Bforce.txt to see which symbols)
-> s for space
-> 1 for numbers




Example:
If you want to find a password made of lowercase letters and numbers by brute force, you would do something like:


fzc -mb -nzTest.zip -l4-7 -ca1


This would try all combinations from passwords of 4 chars up to 7 chars, using only numbers and lowercase letters.


*****
hint
*****


Never start the first brute-force attack on a file with all the char switches at once. First try lowercase only, then uppercase, then uppercase with numbers, then lowercase with numbers; you may get lucky and find the password much faster. If none of that works, prepare yourself for a brute-force run that takes a very long time: lowercase, uppercase, special chars and numbers combined.




--------------------------------------------------------------------------------
Wordlist
--------------------------------------------------------------------------------


As noted above, and as you should realise by now, the wordlist attack is the most powerful mode in this program. Within it you can choose between 3 modes, each of which applies different changes to the words in the wordlist. I'm not going to describe what each mode does to the words; check wlist.txt for that. The only thing I'll say is that mode 3 finds the most passwords, but it also takes the longest.
To start a wordlist attack you run something like:


fzc -mw<mode number> -nzFile.zip -nwWordlist


Where:


Mode number is 1, 2 or 3; check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist you want to use. Remember that if the file or the wordlist isn't in the same directory as FZC you'll need to give the full path.


You can add other switches to that line, like -f<line>, which defines the line at which FZC starts reading, and -l<char length>, which only reads words of that length; the switch works as in brute-force mode.
So if you run something like


fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+


FZC would start reading at line 50 and would only try words of length >= 9.


Example:


If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you want FZC to start reading at line 50, you would do:


fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50










--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------


Another good feature of FZC is resuming. If you need to shut down your computer while FZC is running, just press the ESC key and FZC will stop. If you are using a brute-force attack the current status is saved in a file called resume.fzc; if you are using a wordlist it tells you the line it ended on (you can also find the line in the file fzc.log).
To resume the brute-force attack you just need to do:


fzc -mr


And the brute-force attack will start from the place where it stopped when you pressed the ESC key.
But to resume a wordlist attack you'll need to start a new wordlist attack, telling it where to start. So if you stopped the attack on file.zip at line 100, using wordlist.txt in mode 3, to resume you'll type


fzc -mw3 -nzfile.zip -nwwordlist.txt -f100


FZC would then start at line 100, since the first 99 lines were already checked in the earlier FZC session.
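The brute-force switches, the wordlist switches (-f and -l) and the resume-by-line idea above, as an added Python example that is not FZC's own code. It reimplements the search-space logic so you can see how large a run is before starting it. The symbol set used for the ! switch is an assumption (FZC's real list is in Bforce.txt); zip_password_checker uses Python's zipfile module, which handles only the traditional ZipCrypto scheme, and the wordlist in the usage is constructed.

```python
"""FZC-style search space: brute-force candidates from the -l length spec and
-c character classes, plus a wordlist reader that honours -f (start line) and
-l (length filter) so a stopped run can be resumed from a known line."""
import itertools
import string
import zipfile
from typing import Callable, Iterable, Iterator, Optional, Tuple

MAX_LEN = 32  # FZC's documented upper bound on password length

# Character classes selected by the -c switch. The '!' set is an assumption;
# FZC's own symbol list lives in its Bforce.txt.
CHAR_CLASSES = {
    "a": string.ascii_lowercase,
    "A": string.ascii_uppercase,
    "1": string.digits,
    "s": " ",
    "!": "!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~",
}


def parse_length_spec(spec: str) -> Tuple[int, int]:
    """'4-6' -> (4, 6); '5' -> (5, 5); '0' -> (0, 32); '3+' -> (3, 32)."""
    spec = spec.strip()
    if spec == "0":
        return 0, MAX_LEN
    if spec.endswith("+"):
        return int(spec[:-1]), MAX_LEN
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo), int(hi)
    n = int(spec)
    return n, n


def charset_for(switches: str) -> str:
    """Build the alphabet for a -c argument such as 'a1' or 'aA1!'."""
    chars = []
    for s in switches:
        if s not in CHAR_CLASSES:
            raise ValueError(f"unknown -c switch {s!r}")
        chars.extend(c for c in CHAR_CLASSES[s] if c not in chars)
    return "".join(chars)


def keyspace_size(switches: str, length_spec: str) -> int:
    """Worst-case number of candidates a brute-force run must try."""
    lo, hi = parse_length_spec(length_spec)
    k = len(charset_for(switches))
    return sum(k ** n for n in range(lo, hi + 1))


def brute_force_candidates(switches: str, length_spec: str) -> Iterator[str]:
    """Every string over the chosen alphabet, shortest lengths first."""
    lo, hi = parse_length_spec(length_spec)
    alphabet = charset_for(switches)
    for n in range(lo, hi + 1):
        for combo in itertools.product(alphabet, repeat=n):
            yield "".join(combo)


def wordlist_candidates(lines: Iterable[str], start_line: int = 1,
                        length_spec: Optional[str] = None) -> Iterator[Tuple[int, str]]:
    """Yield (line_no, word) from `start_line` on (1-based, like -f), keeping
    only words whose length satisfies the optional -l filter. The line number
    is what you write down to resume later."""
    lo, hi = parse_length_spec(length_spec) if length_spec else (0, MAX_LEN)
    for line_no, raw in enumerate(lines, start=1):
        if line_no < start_line:
            continue
        word = raw.rstrip("\r\n")
        if lo <= len(word) <= hi:
            yield line_no, word


def zip_password_checker(path: str) -> Callable[[str], bool]:
    """Real check against a ZipCrypto-protected archive via the stdlib.
    A wrong password usually fails the 1-byte header check (RuntimeError);
    the ~1/256 that slip through fail the CRC on a full read (BadZipFile).
    AES-encrypted archives are not supported by zipfile (NotImplementedError)."""
    zf = zipfile.ZipFile(path)
    member = next(i for i in zf.infolist() if not i.is_dir())

    def check(pw: str) -> bool:
        try:
            with zf.open(member, pwd=pw.encode("latin-1")) as f:
                f.read()
            return True
        except (RuntimeError, zipfile.BadZipFile):
            return False
    return check


def run_attack(candidates: Iterable, check: Callable[[str], bool]):
    """Try candidates in order; return (password, tries) or (None, tries)."""
    tried = 0
    for cand in candidates:
        word = cand[1] if isinstance(cand, tuple) else cand
        tried += 1
        if check(word):
            return word, tried
    return None, tried
```

keyspace_size("aA1", "8") is 62**8, about 2.2e14 candidates, which is why the hint above says to start with a single character class; run_attack(brute_force_candidates("a1", "4-7"), zip_password_checker("Test.zip")) is the fzc -mb -nzTest.zip -l4-7 -ca1 run from the example.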

Hacking websites !!

Sites with a one-step login form can sometimes be accessed with this method.


Not for all websites.


If you have some HTML and JavaScript knowledge you can try it against password-protected websites. What is actually being exploited is a login query on the server that pastes the submitted username and password straight into SQL; the edits to the page below only disable the client-side checks that would otherwise stop the payload from being sent.
1. Open the website you want to hack and provide a wrong username and password in its login form.


(e.g. Username: me and Password: ' or 1=1 --)


An error will appear saying wrong username or password. Now be prepared.


Your experiment starts from here...


2. Right-click anywhere on that error page and go to View Source.


3. There you can see the HTML with its JavaScript.


4. Find the login form; it looks something like <form action="...login...">.


5. The saved copy must still post to the real server, so copy the URL of the site you are on and make the form's action absolute.


(e.g. <form ... action="http://www.targetwebsite.com/login...">)


6. Then delete the JavaScript that validates your input before it is sent to the server. (Do this carefully; your success depends on how completely you remove the scripts that validate the account information.)


7. Then look for <input name="password" type="password"> and replace type="password" with type="text". If the password field's maxlength is less than 11, increase it to 11: ' or 1=1 -- is 11 characters long and the browser would otherwise truncate it.


8. Go to File => Save As and save it anywhere on your hard disk with an .html extension (e.g. c:\eg.html).


9. Reopen your target web page by double-clicking the eg.html file you saved.


10. You will see some changes compared with the original page. Don't worry.


11. Provide any username (e.g. hacker) and the password ' or 1=1 --


If the server builds its query by concatenation, the WHERE clause becomes username = 'hacker' AND password = '' or 1=1 --' which matches every row, and you are logged in as the first user stored in the server's database.


The above trick won't work on websites that use parameterised queries or validate input on the server; client-side JavaScript is never a security boundary. But you can still find many sites.
Enjoy!!
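What the trick above relies on, as an added Python example that is not from the original page: a login query assembled by string formatting, which the ' or 1=1 -- payload turns into a clause matching every row, next to the parameterised form that treats the payload as a literal (and therefore wrong) password. The user table and credentials are constructed sample data in an in-memory SQLite database; passwords are stored in clear text only to keep the example short.

```python
"""Vulnerable vs. parameterised login against the same constructed user table."""
import sqlite3

# The payload from the tutorial. It is 11 characters, which is why the
# tutorial raises the password field's maxlength to 11.
PAYLOAD = "' or 1=1 --"


def build_db() -> sqlite3.Connection:
    """Constructed sample users; the first row is what the injection returns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Query text built from user input. With the payload the SQL becomes:
       ... WHERE username = 'hacker' AND password = '' or 1=1 --'
    AND binds tighter than OR, so every row matches and fetchone() is admin."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the payload is compared as a string
    and never parsed as SQL, so no row matches."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None
```

Note that neither a maxlength attribute nor JavaScript on the form figures in either function: the server never sees those controls, which is why removing them in steps 6 and 7 costs the attacker nothing.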

Secret Backdoor !!

Many sites that force users to register, or even pay, in order to search and use their content leave a backdoor open for the Googlebot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure.
Examples of such sites are Windows Magazine, .Net Magazine, Nature, and many, many newspapers around the globe.
How then can you disguise yourself as Googlebot? Quite simply, by changing your browser's User Agent. Copy the following code segment, paste it into a fresh Notepad file, save it as Useragent.reg and merge it into your registry.


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"


You're done!


You may always change it back again. I know only one site that uses your User Agent to establish your eligibility to use its services, and that's the Windows Update site. Sites that verify crawlers properly do not trust the User Agent string at all; they check that the visiting IP reverse-resolves to a Google host and that the name resolves back to the same IP, and such sites are not fooled by this change.
To restore the IE6 User Agent, save the following code to NormalAgent.reg and merge it with your registry:


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

How to Defeat Java Script Protected Sites !!

There are many ways to defeat JavaScript-protected websites. Some are very simplistic, such as hitting [ctrl-alt-del] when the password box is displayed, or simply turning off JavaScript, which will dump you into the default page. You can also try manually searching for other directories by typing the directory name into the URL address box of your browser; e.g. you want access to www.target.com.
Try typing www.target.com/images (almost every web site has an images directory). If the server has directory listing enabled, this will put you into the images directory and give you a text list of all the images located there. Often the title of an image gives a clue to the name of another directory.
e.g. in www.target.com/images there is a .gif named gamestitle.gif. There is a good chance then that there is a 'games' directory on the site, so you would type www.target.com/games, and if it is a valid directory you again get a text listing of all the files available there.
For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs create a mirror image of an entire web site, showing all directories, or even mirror a complete server. They are indispensable for locating hidden files and directories. What do you do if you can't get past an opening "Password Required" box? First do a WHOIS lookup for the site. In our example, www.target.com, we find it's hosted by www.host.com at 100.100.100.1.


We then go to 100.100.100.1, launch Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K (not many HTML pages are bigger than this). This speeds things up and keeps you from getting a lot of files and images you don't care about. It can take a long time, so consider running it right before bedtime. Once you have an image of the entire server, look through the directories listed and find /target. When we open that directory we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html. This would be the index page that would have been displayed had you gone through the password procedure and been redirected here. By simply typing the full URL of that index page into your browser you will be on the index page and ready to follow the links for downloading.

Remove Windows Messenger From XP !!

Copy and paste the following to a text file, and save as RemoveMsgr.bat


@echo off
rem Uninstall Windows Messenger through the BLC.Remove section of its own INF
RunDll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
rem Write a .reg file into %TMP% that tells Outlook Express to hide its Messenger integration
@echo REGEDIT4>%TMP%\RemoveMsgr.reg
@echo.>>%TMP%\RemoveMsgr.reg
@echo [HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express]>>%TMP%\RemoveMsgr.reg
@echo "Hide Messenger"=dword:00000002>>%TMP%\RemoveMsgr.reg
@echo.>>%TMP%\RemoveMsgr.reg
rem Merge it silently (/s suppresses the confirmation dialog)
regedit /s %TMP%\RemoveMsgr.reg


• Close all Internet Explorer windows.
• Run RemoveMsgr.bat, When prompted, click Yes to close all affected applications.
• Restart your computer for the changes to take effect.


You are done ..

Methods Of Cracking Any e-mail Passwords !!

One of the most successful methods uses keyloggers and spy software. There are lots of spyware and logging tools available today, such as 007, RemoteSpy, Netvizor, Email Spy, Chat Spy, Spector Pro, eBlaster and Invisible Keylogger, to name a few. This software creates a self-extracting or installation file; you can then run it on the computer under surveillance, or email it to your target. The only question is, how do you convince the recipient to open it?


Most hackers do not really crack passwords by penetrating Yahoo, Hotmail, Gmail and AOL servers; instead they go for the easy way: the end user, that's you. It's not what you see in movies such as "Hackers" or "Swordfish". Too good to be true! They don't actually hack the mail service; they log every stroke on your keyboard, including the passwords you type.


Keep in mind that computer surveillance programs should be used only if necessary; they were not created to invade someone's privacy. If you are going to use them, be a responsible user.

How to Hack (Basic Tips To Start Hacking ) !!

How to Hack?


What do they do to hack?
These are common enough questions, asked on nearly every hacking board across the web, and yet no one seems able to answer them.
One reason for this is that the vast majority of people really don't have, want, or need a clue. Then there's a small minority who have good basic knowledge but simply not enough conviction to teach. Then there's the tiny minority who really know the ins and outs of computer systems; they can write exploits and bug fixes, and can generally fix, or find out how to fix, nearly any problem. These are the people referred to as computer experts. An even smaller percentage of people are called hackers. Hacker is a term that in recent times has been changed and exploited by the media to mean someone who breaks into and destroys a computer system. I don't like these people. They are the people who give true hackers a bad name. By dictionary definition, a hacker is someone who has an extraordinary ability to push a computer system, or program, to work beyond expected boundaries: "He hacked away at the program all night until he got it to work". A hacker, in the true meaning, should be respected; the modern interpretation, someone who breaks systems, is traditionally known as a cracker.


The biggest reason for someone to truly want to become a hacker is to learn. There's no bigger reason than this. The simple craving to learn about, change, understand and improve a computer system and/or program is the single biggest goal for any hacker. Maybe the second biggest reason behind hacking is freedom. To understand this you must first understand what I talked about in the previous paragraph: that hacking is not breaking systems, but improving them. Anyone who considers themselves half knowledgeable about the Internet should have heard of GNU/Linux. If you haven't, please refer to http://www.linux.org/info/index.html. Linux and the GNU project embody the spirit of what I consider to be a true hacker goal. The ideas of freedom, improvement and development should be at the heart of every hacker's life. The Internet itself is another representation of this ideal. There is no one owner of the Internet; anyone can access it for no cost other than that of a phone call. The Internet is the single biggest source of information the world has ever seen. It contains information on billions of subjects, the vast majority of which is absolutely free. A person with a connection to the Internet can access information on everything from quantum computing to the exploration of Mars, from pro-anarchy to pro-capitalist. It allows all this information to be accessible to everyone with no discrimination on the basis of age, colour, religious or political orientation. That's enough of a rant on freedom now. I'm sure most people are reading this to find out what it takes to become a hacker.


A hacker, as I have previously explained, is a person who has a craving for knowledge. If you don't have the will to learn continuously and spend countless hours reading, researching and improving, then hacking definitely isn't for you. Many people will give up after a few months; many, I'm sure, didn't even make it this far into the document. If you did, then well done; keep reading and, in time, you will learn to truly enjoy hacking away at your own programs and helping others too. I am by no means a hacker, nor do I claim to be. However, I have been reading, learning and sometimes even contributing for quite a while now, and hopefully this document will allow you to do the same. Enough talk. This is where you start to learn.


As by now you will know, the main aim of hacking is knowledge. Before you can even hope to understand how to improve software you must first understand how the current software works. I assume most newbies (newbie n. someone who has little knowledge or experience with computer systems and/or programs) will be using a version of the Windows OS (OS: operating system). Since you wish to learn how to hack, I am assuming you have quite a strong grasp of the basics of Windows, such as how to run programs, navigate your hard disk, and install new software and hardware. If you do not know how to do this, use the built-in help by clicking Start -> Help, or use your favourite search engine; I suggest google.com as it's probably the largest in the world. Learn how to use everything about your OS, including MS-DOS. To open an MS-DOS prompt, or shell, click Start -> Programs -> MS-DOS Prompt; if this fails or the link isn't there, click Start -> Run and type 'command.com'. This runs the program command.com, which is located in the c:\ directory of your hard disk. There are various programs that can be run from the DOS prompt which are very useful in basic hacking techniques.




Intro to MS-DOS


MS-DOS is a command-line OS which is the basis for the Windows 9x family. It has many internal commands, such as copy, cd, cls, ren and del, and several external commands, including sys, move, format, deltree and syscopy. Internal commands are built into the command.com program and so can be run in any MS-DOS with no dependencies; external commands are not built into command.com but are separate programs, usually found in c:\windows\command, although they can be anywhere. In DOS, to find out what a command does you can type 'command /?' at a DOS prompt, where command is the name of the command you wish to learn about. This is invaluable, and if you ever need to find out what a command does it is the first thing you should try. Next I am going to explain some basic MS-DOS commands which will be useful during your exploration of the web.




ping


Usage: ping [-options] hostname.domain


Output:




Pinging yahoo.com [66.218.71.112] with 32 bytes of data:
Reply from 66.218.71.112: bytes=32 time=306ms TTL=45
Reply from 66.218.71.112: bytes=32 time=430ms TTL=45
Reply from 66.218.71.112: bytes=32 time=295ms TTL=45
Reply from 66.218.71.112: bytes=32 time=340ms TTL=45
Ping statistics for 66.218.71.112:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 295ms, Maximum = 430ms, Average = 342ms


Ping sends an echo request to a host to test whether it is reachable and how quickly it responds. It does this by sending a packet to the server in question and waiting for a reply. The output, as you can see, tells you the domain name being pinged, its IP address, the size of the packets sent, the response times, and the averages. Ping is a very useful command because it tells you the IP address of a domain name and whether the host is 'alive' and responsive; note that a host that drops ICMP echo requests shows as timed out even though it is up, so a failed ping is not proof that a machine is down. The uses of this will become apparent later on. To find out the extra options that can be used with ping, type 'ping /?' at the DOS prompt.




netstat


Usage: netstat [-options]


Output:




Active Connections
Proto Local Address Foreign Address State
TCP pbn-computer:1067 w3.dcx.yahoo.com:80 ESTABLISHED
TCP pbn-computer:1069 209.73.225.7:80 ESTABLISHED
TCP pbn-computer:1070 212.187.244.14:80 ESTABLISHED
TCP pbn-computer:1071 212.187.244.14:80 ESTABLISHED


Netstat gives a list of all connections to and from your computer. It displays the ports (a port is like a numbered route for information to come in and out of your computer; every service and program that uses the Internet listens on or connects from a different port so that information does not get sent to the wrong program) and the IPs of both ends of the connections. There are thousands of available ports, not something you run out of. Once again, type 'netstat /?' at the DOS prompt to get more information. Netstat can also be used as a crude method of getting a person's IP. To do this, and for the sake of simplicity, first minimise the number of connections by closing Internet browsers, chat programs and so on. Next, talk to the person on a chat program such as MSN Messenger, AIM, Yahoo Messenger or something similar. At the DOS prompt type 'netstat > temp1.txt'; this gives the standard output, but routes it into the file temp1.txt (which is created if it does not exist and overwritten if it does). Then establish a direct connection with the target computer by initiating a file transfer. While the file transfer is taking place, type 'netstat > temp2.txt'. The last task is to compare the two files (temp1.txt and temp2.txt): the second file should contain an IP address that is not in the first, and this new connection is the one you initiated to the target computer, so the IP address is the IP of your target. This only works if the transfer really is direct; a service that relays transfers through its own servers shows you the relay's address instead.
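The two-snapshot comparison described above, as an added Python example that is not part of the original page: it parses netstat's "Active Connections" table from a capture taken before and one taken during the direct transfer and reports the foreign hosts that appear only in the second. Both snapshots are constructed in the format of the output shown above; 203.0.113.42 is a documentation address standing in for the peer.

```python
"""Diff two netstat captures to find the peer of a newly opened connection."""
from typing import Dict, List, Set

# Constructed snapshot taken before starting the file transfer.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    pbn-computer:1067      w3.dcx.yahoo.com:80    ESTABLISHED
  TCP    pbn-computer:1069      209.73.225.7:80        ESTABLISHED
  UDP    pbn-computer:137       *:*
"""
# Constructed snapshot taken while the direct transfer is in progress.
DURING = BEFORE + "  TCP    pbn-computer:1088      203.0.113.42:6891      ESTABLISHED\n"


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """One dict per connection row; the banner, header and blank lines are skipped.
    UDP rows have no State column, so the state is left empty for them."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": parts[0],
            "local": parts[1],
            "foreign": parts[2],
            "state": parts[3] if len(parts) > 3 else "",
        })
    return rows


def foreign_hosts(rows: List[Dict[str, str]]) -> Set[str]:
    """Host part of each foreign address with the port stripped; the '*:*'
    wildcard that UDP listeners show is not a peer and is dropped."""
    hosts = set()
    for r in rows:
        host = r["foreign"].rsplit(":", 1)[0]
        if host and host != "*":
            hosts.add(host)
    return hosts


def new_peers(before: str, during: str) -> Set[str]:
    """Foreign hosts present in `during` but absent from `before`."""
    return foreign_hosts(parse_netstat(during)) - foreign_hosts(parse_netstat(before))
```

Run netstat with -n for both captures so the foreign column holds addresses rather than resolved names; otherwise the same peer can appear as a name in one file and an IP in the other and the set difference will mislead you.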




tracert


Usage: tracert [-options] IP


Output:




Tracing route to yahoo.com [66.218.71.113]
over a maximum of 30 hops:
1 * * * Request timed out.
2 175 ms 180 ms 180 ms cdf-dam1-a-fa11.inet.ntl.com [62.252.33.201]
3 185 ms 200 ms 200 ms 62.254.253.17
4 180 ms 170 ms 190 ms bir-bb-a-so-220-0.inet.ntl.com [213.105.172.45]
5 165 ms 180 ms 180 ms bir-bb-b-ge-720-0.inet.ntl.com [62.253.185.154]
6 320 ms 360 ms 320 ms yahoo-above-1.pao1.above.net [64.125.31.230]
7 400 ms 340 ms 339 ms ge-1-3-0.msr2.pao.yahoo.com [216.115.100.146]
8 315 ms 355 ms 345 ms vl11.bas2.scd.yahoo.com [66.218.64.138]
9 420 ms 320 ms 340 ms yahoo.com [66.218.71.113]
Trace complete.


Tracert, short for trace route, does exactly that: it traces the route taken by packets as they travel across the Internet to the destination. Its uses are numerous and will become clear as you learn more. In its simplest form it can be crudely used to find out a person's ISP and even locate them at an international level. For example, if you tracert a person's IP and the final hop before reaching them is m284-mp1-cvx1c.car.ntl.com [62.252.45.28], we know that the person uses ntl as an ISP; on further investigation it can be found that ntl is a UK-based ISP and the abbreviation .car. stands for Cardiff, a city in the UK. From this we know that the person in question uses ntl and lives in the vicinity of Cardiff. In case anyone out there is wondering, I do live in Cardiff, UK, and the IP address is mine; it's a dynamic IP address (dynamic means it changes every time I connect to the Internet, as opposed to static, which means the IP does not change). Use 'tracert /?' for more information.


OK, so those are three basic and surprisingly simple yet useful commands to give you a basic understanding of DOS. If you want to learn more then I suggest you search the Internet; http://www.google.com is, as far as I know, the biggest search engine on the web and, along with the most basic knowledge, should allow you to find anything about anything.


The next step in your journey towards hackerdom is a programming language. Many people wonder why they should 'waste their time' learning a language to help them hack when they could just as easily download a trojan or other script kiddie tool (a 'script kiddie' is someone who uses other people's programs to crack without knowing how they work) to break into someone's computer. If you search the web I'm sure you can very easily find programs and viruses that let you take control of people's computers, delete their programs and cause havoc. This is not hacking. Trojans, named after the Greek Trojan horse, require a program to be run on the target computer to give you access. This will probably work on your friends who don't have virus scanners (as virus scanners will very easily pick up known trojans), but if you set your sights on a computer owned by anyone with more than half a brain, trojans simply are not effective. Again, to refer back to the original definition of hacking, it is about learning how systems work and how to improve them, not simply breaking in and gaining control. It is for this reason that in order to hack effectively you _must_ learn a programming language.


There are many different languages out there to learn, and they fall into two categories. There are interpreted languages, such as perl, python, bash scripting and even batch scripting (feel free to search on any of these to learn more about them). These are text files containing commands that are read by an interpreter program and then executed by the computer. They have the advantage of being quick to write and edit, and the major advantage that they can be run on any machine which supports the interpreter for that language; on the downside they run more slowly than compiled languages and are generally less powerful. Compiled languages, on the other hand, produce binary files which do not require an interpreter. The program is written in a readable text file and then compiled by a compiler, which turns it into a binary file that is not readable by humans. To change it you must edit the source code file and recompile. They have the advantage of being much faster and they allow you to perform much more complex operations; on the downside they take longer to edit and the binaries are OS-specific. Examples of compiled languages are C and C++. It is advisable to learn at least one language of each type, as this gives you the advantages of both. I suggest that you do some basic reading (again using a search engine) on all the languages I have mentioned. On a personal note, I would suggest that you learn perl, for its power and simplicity as well as cross-platform compatibility, and C, because it is as close as you will get to an Internet standard and is used by most open source programmers.


This brings me on to my next topic: operating systems. As you immerse yourself in the world of hacking I'm sure you will hear everyone shouting at you to run GNU/Linux instead of Windows. I'm also sure that most of you will have no idea why. First, a little history. The GNU project was started in 1984 with the aim of developing a completely free and open source operating system. In 1991 Linus Torvalds released a Unix-like open source kernel. An operating system is basically a lot of programs grouped together to run computer hardware; the kernel is the software that interfaces directly with the hardware, and the other software interfaces with the kernel. In short, an operating system cannot exist without both software and a kernel. By the time Linus Torvalds released his kernel, the GNU project had just about finished writing their OS; all they were short of was a kernel. The timing was perfect. Linus and the GNU project teamed up to release the operating system which is commonly called Linux, but should more accurately be known as GNU/Linux. Since that time, Linus has continued developing his kernel and the GNU project has continued developing their software. Variations of the GNU/Linux system have developed, called distributions. Each distribution is configured differently, with slightly different software, each designed for different reasons. Examples of commonly used distributions are SuSE, RedHat, Debian and Slackware (each has a .com site). Linux is considered _the_ operating system for various reasons, not least of which is its freedom. The GNU/Linux operating system was, and is being, developed under the GNU General Public License. This licence is intended to keep software free: under it you are able to change, sell or give away the software for any charge, as long as you supply the source code along with it so that other people have the same rights you have.
Another benefit of the freedom of GNU/Linux is its stability. The fact that the source code is available to anyone means that anyone is free to add to it, change it and modify it. This means that if someone finds a bug they can write a patch and submit it to the author, who may include it in the next update. Due to its fundamental Unix-like design and its separation of user privileges, Linux is very virus resistant; it is hard for viruses to spread. Once again, if an exploit is found in GNU/Linux software you can almost guarantee that a patch will be written within a few days, if not the same day, which means that if security is a concern you can keep your box wrapped up tight.


GNU/Linux also has many features built in which make it very good as a development platform. It has built-in compilers for C and C++, and most distributions also contain Perl and Python interpreters. Its openness also means that you can customise your distribution much more effectively than with Windows, optimising it for speed, stability or security. This is the reason why most hackers or computer enthusiasts use GNU/Linux. I'm not going to include a guide to how to use Linux, simply because there are so many out there; do a search on google.com. However, since I'm feeling nice today I will point you in the direction of my favourite reference, http://www.slackware.com/book/. It is supposed to be specific to Slackware Linux, but what it teaches is quite general and will work on any Linux system.


As well as all of the above, you should also continuously be reading and learning about current exploits and 'tricks' on both Windows and Unix-based operating systems. There is no end of information out there for those willing to search. To become a hacker you must want to learn about and, more importantly, understand everything you come into contact with. If there is a new concept you come into contact with, learn about it, search for it on google.com and, if all else fails, ask.


Most hacks aim to gain root access; as you will now know from your experience of Linux systems, root is a superuser that can do anything on the system. There are five common ways of getting root.




Misconfiguration


If excessive permissions exist on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable it is possible to rewrite your UID to match root's. Another example would be a .rhosts file that has read/write permissions for everyone, allowing anyone to write to it. Yet another example would be a script launched at startup, by cron, or respawned. If this script is editable, you could add commands that run with the same privileges as whoever started the script (for startup rc files this would be root).




Poor SUID


Sometimes you will find scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by your id, you can edit them and run them. For example, I once found a shutdown script that was world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.




Race Conditions


A race condition is when a program opens a small window of vulnerability, creating a short opportunity for evil. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.




Poor Temp Files


Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.




Buffer Overflow


Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow could occur when a program has a buffer for user-defined data and the user-defined data's length is not checked before the program acts upon it.


Four out of the five ways of getting root mentioned above are only applicable on a machine where you have local access. In these cases you will need to get an account on the machine. This could be at a school or college that you attend, or simply an internet shell account. Since this text is only meant to be an introduction and outline guide I will not go into huge detail about these. There is plenty of information on the web; once again I suggest you use google.com. I can't stress enough how useful a search engine is in the world of hacking.
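The four local vectors above (misconfiguration, poor SUID, poor temp files, and the writable-file side of race conditions) are exactly what an administrator should be hunting for before anyone else does. The script below is an added example and not part of the original guide: a small defender-side audit that walks a filesystem root and reports the permission weaknesses described in those sections, using a constructed fixture tree (the paths and file names in it are invented for the demonstration).

```shell
#!/bin/sh
# Added example, not from the original guide: a defender-side audit for the
# three file-permission weaknesses described above (misconfiguration, poor
# SUID, poor temp files). Point audit_tree at a filesystem root; it prints
# one finding per line, category first. Buffer overflows and race
# conditions are code bugs, not permission bugs, so they are out of scope.

audit_tree() {
    base=$1
    # 1. Misconfiguration: world-writable files under etc, where rc/startup
    #    and cron scripts live. Whoever can edit them runs code as their caller.
    find "$base/etc" -type f -perm -002 2>/dev/null |
        sed 's/^/MISCONFIG world-writable startup file: /'
    # 2. Poor SUID: setuid files that are world-writable, or that are
    #    interpreted scripts (the world-writable shutdown script above).
    find "$base" -type f -perm -4000 -perm -002 2>/dev/null |
        sed 's/^/SUID world-writable setuid file: /'
    find "$base" -type f -perm -4000 ! -perm -002 2>/dev/null | while read -r f; do
        read -r firstline < "$f" || true
        case $firstline in '#!'*) echo "SUID setuid script: $f" ;; esac
    done
    # 3. Poor temp files: world-writable directories without the sticky bit
    #    let any user remove or link over another user's temp files.
    find "$base" -type d -perm -002 ! -perm -1000 2>/dev/null |
        sed 's/^/TMPDIR world-writable directory without sticky bit: /'
}

# Constructed fixture (so the audit runs offline): a fake root with both
# weak and sane entries. Prints the fixture path.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/rc.d" "$dir/usr/bin" "$dir/tmp" "$dir/var/tmp"
    printf '#!/bin/sh\n' > "$dir/etc/rc.d/rc.local"; chmod 666 "$dir/etc/rc.d/rc.local"   # weak
    printf '#!/bin/sh\n' > "$dir/etc/rc.d/rc.sane";  chmod 755 "$dir/etc/rc.d/rc.sane"    # fine
    printf '#!/bin/sh\n' > "$dir/usr/bin/backup";    chmod 4755 "$dir/usr/bin/backup"     # weak: setuid script
    printf 'MZ\n' > "$dir/usr/bin/passwdish";        chmod 4666 "$dir/usr/bin/passwdish"  # weak: writable setuid
    printf 'MZ\n' > "$dir/usr/bin/fine";             chmod 4755 "$dir/usr/bin/fine"       # fine
    chmod 777 "$dir/tmp"        # weak: no sticky bit
    chmod 1777 "$dir/var/tmp"   # fine
    echo "$dir"
}

fixture=$(make_fixture)
audit_tree "$fixture"
rm -rf "$fixture"
```

Run against a real root as "audit_tree /" with enough privilege to read it; on the fixture it reports exactly the four weak entries and stays silent on the sane ones.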


By far the most common way to gain a root shell is through a buffer overflow. It is also, unsurprisingly, the most complicated of the above ways of getting root and deserves a bit more explanation. Firstly, a buffer is simply a block of computer memory which holds data of a certain type. If, as I suggested, you have learnt, or are learning, how to program in C, you will probably associate buffers with arrays. A buffer on the stack has a set amount of space in memory; if you overflow the buffer by sending too much information, the extra data overwrites the adjacent stack memory and can be used to execute arbitrary code. For a much better explanation of buffer overflow techniques I suggest you read Phrack 49, File 14, called "Smashing The Stack For Fun And Profit", which can be found at http://www.phrack.com/phrack/49/P49-14 .


Well, it looks like this guide has come to an end. There is only one thing that I have left to say. If you follow all the instructions I have mentioned above, you will have a very good understanding of how the Internet, MS-DOS, Windows, Linux and various hacking techniques work; you may even be considered by some to be a hacker. If you do end up in this situation, the world is yours: continue to learn, expand and enjoy.

Windows game Cheats !!

Minesweeper




Secret - Reveal Mines


Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change your desktop background to a solid color other than white or black to see the pixel.






Pinball




Secret - Extra Balls
Instructions - Type 1max at the start of a new ball to get extra balls.




Secret - Gravity Well
Instructions - Type gmax at the start of a new game to activate the Gravity Well.




Secret - Instant Promotion
Instructions - Type rmax at the start of a new game to go up in ranks.




Secret - Skill Shot
Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:


First: 15,000 points
Second: 30,000 points
Third: 75,000 points
Fourth: 30,000 points
Fifth: 15,000 points
Sixth: 7,500 points




Secret - Test Mode
Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around.




Secret - Unlimited Balls
Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated, but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting.








FreeCell




Secret - Instant Win
Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.




Secret - Hidden Game Modes
Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.






Solitaire




Secret - Instant Win




Instructions - Press Alt + Shift + 2 during game play to instantly win.




Secret - Draw single cards in a Draw Three game




Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.




Infinite Points




In the Windows XP version of Solitaire, draw from the deck at least twice. Hold Control and drag a card down from the deck. Press the "A" key and then let go of the left mouse button. You will get 10 points for this. Continue doing this for infinite points!


Infinite points trick II




To do this trick, finish a game of Solitaire with the time bonus option on. The cards will start bouncing. Click on the Solitaire screen and the "play again" box will pop up. Select No, so the Solitaire screen is just blank green. Use the instant win cheat (Alt+Shift+2) and the time bonus you got last game will be added to your last game's score. For example, if your time bonus was 5000 and your final score was 6000, after using this glitch you will have a score of 11000. This glitch can be used as many times as you want.






Hearts - Registry hack which will allow you to see your opponents' cards
Launch REGEDIT.EXE and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Hearts. NOTE: You may have to create the Hearts key under Applets. In the right-hand pane, create a new String Value. Immediately rename it to "ZB" (without the quotes); give it a value of "42" (again, sans quotes). The next time you're in a game of Hearts, press CTRL + SHIFT + ALT + F12.




Cracking BIOS!!!!

Here is the best way to crack the BIOS password in Windows 95/98:


Follow the steps below:


1) Boot up Windows.
2) Go to the DOS prompt, or go to the command prompt directly from the Windows start-up menu.


3) Type the command at the prompt: "debug" (without quotes).
4) Type the following lines now exactly as given. (In debug, "o" writes a byte to an I/O port; ports 70h and 71h are the CMOS index and data ports, so this overwrites a CMOS byte and invalidates the CMOS checksum, which is why the BIOS falls back to its defaults, including no password, on the next boot.)
o 70 10
o 71 20
quit
exit


5) Exit from the DOS prompt and restart the machine.




Password protection gone!


EnjoYYYYYYYYYY


There seems to be some issue regarding display drivers on some machines if this is used, since the CMOS settings are reset along with the password. Just reinstall the drivers and everything will be fine.


I have not found any other trouble if the codes are used.


To be on the safe side, just back up your data.




The use of this code is entirely at your own risk.
It worked fine for me.



HOW TO CRACK ANY TYPE OF CD PROTECTION

Now I'm gonna show you how to crack any type of CD protection, using W32Dasm (you can download it from http://prt.kgb.pl/index.php?path=misc%2Fprogramowanie).
OK, let's start:
First of all, you have to run the game you want to crack without the CD. The game doesn't work, of course, BUT a window pops up telling you an error message. This error message will help you to crack the game, so you've got to remember it.
For example:
"Please insert the - CD", or: "You need the CD to play the - ." (- is the game you want to crack). Anyway, if you can't remember it, write it on a little piece of paper. Now run Win32Dasm, and on the toolbar press the first little button on the left, OR go to Disassembler
->Open file to Disassemble.
A menu will pop up. Select the exe which you want to crack. The disassembly will take a few minutes.
OK, it finished its process. Now on your screen there is a strange text, and we can't understand anything of it, of course. Don't worry; the only thing we have to do (if you want, you can change the font) is to click on the String Data References, the button next to the print button (Strn.REF). You can see a window which is called String Data Items. Scroll down and try to find the game's error message. When you find it, double click on it, and then close the window to go back to the Win32Dasm text. As you can see, you are somewhere in the CD check routine. This is the message's place.
Now comes the interesting and difficult part, so be careful. We don't know what all this means, BUT we must know the @ offset of every call and jump command. Write down every call and jump @ offset number. (You have to be sure that the OPBAR changes its colour to green.) You need the number behind the @offset without the h.
Let's go to Hiew.
HIEW:
To move up and down, use the cursor keys.
Start HIEW.exe. In the HIEW directory there is a list of exes and programs. Go to the directory in which you saved the game's exe we want to crack, and click on the exe. Press F4, and then a menu will pop up with 3 words: Text, Hex, and Decode. Click on Decode, and now we can understand the list of numbers. Press F5, and you can now enter the number we wrote down in Win32Dasm. Type it, and you will be placed at the number's place. The cursor is placed on a command.
Before I continue, I want to explain something to you. For example, if the command where our cursor is placed is E92BF9BF74, that means it is 5 bytes. Every 2 hex digits are one byte: E9-2B-F9-BF-74 becomes 90-90-90-90-90. Ten hex digits mean 5 bytes. The number 90 is the NOP ("no operation") opcode. OK, I hope you understood it.
Press F3, which means edit, and now you can edit these ten digits. Type the number 90 five times, one 90 for every byte. Now press F10 to exit. We cracked the CD protection of the - . Congratulations!!!!


