HACKING in the middle of WORLD

Hacking Servers Beginner's Guide

2007-09-16T04:37:00.000-07:00

I am asked at least 5 or more times a day by young, beginning "hackers", "How can I hack?" or "Is there a way to hack a web site?" Well there is. There are, in fact, literally hundreds of ways to do this. I will discuss a few in this text to get you started. Every hacker has to start somehow and hacking web servers and ftp servers is one of the easiest ways. If you are reading this I am assuming that you already have a basic knowledge of how web servers work and how to use some form of UNIX. But I am going to explain that stuff anyway for those of you who don't know.

Part 1: Simple UNIX Commands

Most DOS commands have UNIX and Linux equivalents. Listed below are some of the main commands you will need to know to use a shell account.

HELP = HELP
COPY = CP
MOVE = MV
DIR = LS
DEL = RM
CD = CD

To see who else is on the system you can type WHO. To get information about a specific user on the system type FINGER . Using those basic UNIX commands you can learn all you need to know about the system you are using.

To see who else is on the system you can type WHO. To get information about a specific user on the system type FINGER . Using those basic UNIX commands you can learn all you need to know about the system you are using

Part 2: Cracking Passwords

On UNIX systems the file that contains the passwords for all the users on the system is located in the /etc directory. The filename is passwd. I bet your thinking...."Great. All I have to do is get the file called /etc/passwd and I'll be a hacker." If that is what you are thinking then you are dead wrong. All the accounts in the passwd file have encrypted passwords. These passwords are one-way encrypted which means that there is no way to decrypt them. However, there are programs that can be used to obtain passwords from the file. The name of the program that I have found to be the best password cracker is called "Cracker Jack." This program uses a dictionary file composed of thousands of words. It compares the encrypted forms of the words in the list to the encrypted passwords in the passwd file and it notifies you when it finds a match. Cracker Jack can be found at my web site which is at http://www.geocities.com/SiliconValley/9185 Some wordlists can be found at the following ftp site: sable.ox.ac.uk/ pub/wordlists. To get to the wordlist that I usually use goto that ftp site then goto the American directory. Once you are there download the file called dic-0294.tar.Z which is about 4 MB. To use that file it must be uncompressedusing a program like Gzip for DOS or Winzip for Windows. After uncompressing the file it should be a text file around 8 MB and it is best to put it in the same directory as your cracking program. To find out how to use Cracker Jack just read the documentation that is included with it.

Part 3: The Hard Part (Finding Password Files)

Up till now I have been telling you the easy parts of hacking a server. Now we get to the more difficult part. It's common sense. If the system administrator has a file that has passwords for everyone on his or her system they are not going to just give it to you. You have to have a way to retrieve the /etc/passwd file without logging into the system. There are 2 simple ways that this can sometimes be accomplished. Often the /etc directory is not blocked from FTP. To get the passwd file this way try using an FTP client to access the site anonymously then check the /etc directory to see if access to the passwd file is restricted. If it is not restricted then download the file and run Cracker Jack on it. If it is restricted then try plan B. On some systems there is a file called PHF in the /cgi-bin directory. If there is then you are in luck. PHF allows users to gain remote access to files (including the /etc/passwd file) over the world wide web. To try this method goto your web browser and type in this URL: http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwdThen substitute the site you are trying to hack for the xxx.xxx.xxx.For example, if I wanted to hack St. Louis University (and I have already) Iwould type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwdDon't bother trying www.slu.edu because I have already done it and told them about their security flaw.Here's a hint: try www.spawn.com and http://www.garply.com/ If the preceding to methods fail then try any way you can think of to get that file. If you do get the file and all the items in the second field are X or ! or * then the password file is shadowed. Shadowing is just a method of adding extra security to prevent hackers and other unwanted people from using the password file. Unfortunately there is no way to "unshadow" a password file but sometimes there are backup password files that aren't shadowed. Try looking for files such as /etc/shadow and other stuff like that.

Part 4: Logging In To "Your" New Shell

OK....This is where you use what you found using Cracker Jack. Usernames and passwords. Run your telnet client and telent to the server that you cracked the passwords for, such as www.slu.edu. When you are connected it will give a login screen that asks for a login names and password and usually information on the operating system that the server is using (usually UNIX,linux, aix, irix, ultrix, bsd, or sometimes even DOS or Vax / Vms). Just type in the information you got after cracking the passwd file and whatever you know about UNIX to do whatever you feel like doing. But remember that hacking isn't spreading viruses or causing damage to other computer systems. It is using your knowledge to increase your knowledge.

Part 5: Newbie Info

If you feel that you have what it takes to be a serious hacker then you must first know a clear definition of hacking and how to be an ethical hacker. Become familiar with unix environments and if you are only just starting to learn to hack, visit a local library and find some books on various operating systems on the internet and how they work. Or you could go to a book store and buy a couple internet security books. They often explain how hackers penetrate systems and that is something a beginner could use as an advantage.

ADMIN ACCOUNT ACTIVATION

2007-09-12T22:43:00.000-07:00

HOW TO HACK INTO THE SCHOOL COMPUTER NETWORKING SYSTEM IN 10 STEPS!
--------------------------------------------------------------------------------------------------------------
1. Restart the Computer and just after it has finnished loading the BIOS settingspress F8. Then it should come up with a screen saying run Windows XP. anddown the bottom, it will say press F8 again for more options. Press F8 Again.

2. Select "Safe Mode" then press enter.

3. when it has fully loaded up, click start then run. Type in "regedit" and press enter.

4. Click on HKEY_LOCAL_MACHINE > software > Microsoft > Windows NT >Current Version > Winlogon > Special accounts > UserList.

5. In the right Panel, right click anywhere that is blank, and select New > DWORD Value.

6. Name the new DWORD value whatever you want your new username to be.

7. Doubble click the it after you have re-named it. and change the Value Data to "1".

8. Close the registary editor, then click start > RUN, and type in "cmd".

9. Command prompt will open. type in "net user @@@@@@@@@@ * " and insteadof putting in the @ symbols, type in what ever you named the DWORD value that youcreated before. MAKE SURE YOU PUT AN ASTERISK (*) AFTER the DWORD VALUETHAT YOU MADE.

10. It will say "Type a password for the user: " put whatever you want your password to bethere. Then when you press enter, it will say to confirm the password.

Note, when youare typing the password, it will not show up on the screen so type carefully. once you'vedone that, you have created yourself an administrator account and can log on anytime youlike as an admin.

ADMIN PASSWORD BYPASS

2007-09-09T04:41:00.000-07:00

Here's how to create an admin account with knowing the current administrator password.

This is a major security flaw, but it is used nowadays by tech support if something happened and your computer crashed, or something got messed up with your password.
This process will take about 5-10 minutes. If you have a password, or WEP code for your network or internet, be sure to have that at hand.

Step 1: Boot in single user mode (Single user mode bypasses the GUI, which is all the visual stuff, and gives you something called "root access") by pressing Command + S (Apple+S) when the first shade of blue appears on the screen, and holding it down until the screen turns black with white text.

Step 2: Wait for all the code stuff to load. Now, the first thing we need to do in single user mode is mount the hard drive so we can edit it. You enter this command in : /sbin/mount -uw /
It should say something about removing orphaned unlinked files.

Step 3: We are going to delete a little file that tells your computer every time you start up that you've completed the setup by entering this commmand: rm /var/db/.applesetupdone
It should just bump down, waiting fotr the next command if it worked.

Step 4: Now type, reboot

Step 5: It should shut down and reboot. Than, a setup window will appear, asking you what language you want your computer to be in, just like you see when you setup a newly purchased Mac.
WARNING: A welcome video will play after you select the language. It has some pretty cool music, but if your in a room with other people, I'd mute it right after the video starts.

Step 6: Setup the computer. Select "DO NOT TRANSFER MY DATA". Don't worry, all your old stuff will still be there. Choose your internet connection and network, here is where you need your WEP or security password if you have one.

Step 7: Create a new local account to administer that computer. You usually want to enter the name of the computer as the longname, and the shortname what you'll log in as. Say your computer's old name was "Frank's Computer", than just put Frank as the longname, because it will automatically as "'s Computer" at the end. MAKE SURE THAT BOTH USERNAMES ARE DIFFERENT FROM THE EXSISTING ONES, OTHERWISE IT WILL OVERWRITE.

Step 8: Finish the setup, and you should automatically be logged into your new administrator account

COMPUTER TRICKS

2007-09-09T03:46:00.000-07:00

This is a complimation of computer tricks, mainly security and privacy

related.By: the@womble.co.uk Flames: If you think this is crap, you're probably right. Sue me Send/ email to anyone as long as the entire file is intact Site: www.groovyweb.cjb.net, www.axion-network.net for more

Getting Ip's:--

To see the ip all computers you are connected to (web servers, people attempting to hack into your computer). Go to dos (start>run>type command) and run the netstat command. Type netstat /? for details.

Type netstat -r at the command prompt to see the ip of all computers you are connected to

In MSN (and other programs) when you are chatting to someone everything you type goes through the MSN servers first (they act as a proxy) so you see their ip rather than who you are chatting to. You can get round this by sending them a file as MSN doesn't send file through its proxy.When you type the netstat -r (or -a for a different view) the ip's are under the foreign address table. The ports are seperated by a : . Different programs use different ports, so you can work out which ip's are from which program.

Connecting to other computers and what ports are:--

Servers send information. Clients retrieve. Simple. Windows comes with a built in program to connect to other computers called telnet. To start Windows telnet Start menu> Run> type Telnet. Click connect> remote system Ports are doors into computers. Hosts are computer names (ip number or a name that is translated into the ip automatically) Different programs open different ports, but they always open the same ports so other computers know which port to connect to. You can get a port list listing all the different ports, but a basic one is: 11 :- Sends info on the computer 21 :- FTP (File transfer program) 23 :- Telnet (Login to the computers command line) 25 :- Smtp (Sends mail) 80 :- Http (Web pages) There are thousands of different programs using different ports. You can get programs called portscanners which check a computer for all ports up to a certain number, looking for ways in. You can portscan a computer looking for ways-in. Anyway, back to telnet. Type www.yahoo.com as the host and port as 80 the click connect. If nothing happens, you're in. Wow. You are connected to Yahoo's server. You can now type http commands (you are connected to an http server, so it supports http commands). Ie. on an ftp server you can type open and it will do something. On an http server it will just wonder what the hell you are on about. Type get / http/1.0 then press enter twice to get the file on the server at / (try /index.html) etc.)

BIOS HACK

2007-09-09T03:08:00.000-07:00

There are several reasons why you may need to reset a BIOS password:

You set a configuration password several years ago and now you have to make some hardware configuration tweaks or change the boot order of your drives. Conveniently, you can't remember the password you used.
Your boss brought you her computer from home that her eight-year-old stepson mischievously locked her out of by setting a power-on password.
You inherited a new set of computers and the previous administrator set BIOS configuration passwords so you can't enable/disable your built-in wireless or wired network cards.
A malicious person set a password on a physically insecure server or laptop, and now it won't boot.

Regardless of why your BIOS password was set, there's likely a workaround. Some fixes are free while others you'll have to pay for. Some fixes are simple while others require you to be mechanically inclined. It'll very well cost you time and/or money, but it's hard to put a price on a non-functioning computer -- especially if it means your efforts could be better spent elsewhere.
I'll forewarn you: There are a lot of good BIOS password hacking and cracking resources on the Web -- several of which I link to in this guide. As with most things, the resources offer some good advice and some bad. Performing some actions can really lock you out of your computer -- to the extent of damaging your hardware and being forced into a service call, so proceed with caution. Also, be careful handling any computer hardware; you can destroy the sensitive circuitry inside the computer with static electricity coming from your hands. It could end up bleeding from the sharp metal that's inside the computer case! Keep in mind that attempting any of these steps can potentially void your computer's warranty as well.

www.youtube.com/watch?v=8y3X-hShhQ0