How hackers can erase their tracks after hacking you. hehe
This is for educational purposes only. But you can't hide from me. hehe Just kidding…
Whenever someone comes into contact with another person, place, or thing, something of that person is left behind. This means that the attacker must disable logging, clear log files, eliminate evidence, plant additional tools, and cover his tracks.
Here are some of the techniques that an attacker can use to cover his tracks:
(1) Disabling logging – Auditpol was originally included in the NT Resource kit for administrators. It works well for hackers too, as long as they have administrative access.
Just point it at the victim’s system as follows:
C:\>auditpol \\192.168.10 /disable
Auditing Disabled
(2) Clear the log file – The attacker will also attempt to clear the log. Tools such as WinZapper, Evidence Eliminator, or ElSave can be used. ElSave removes all entries from the log except one entry that shows the log was cleared.
It is used as follows:
elsave -s \\192.168.13.10 -l "Security" -C
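The one entry ElSave leaves behind is exactly what a defender should alert on. As an added example (not from the original post), here is a PowerShell check written for Windows Vista or later that pulls the "audit log was cleared" event (ID 1102) and the "audit policy changed" event (ID 4719) from the Security log; the lookback window and the output fields are my own choices.

```powershell
# Added example: surface the traces that log clearing (event 1102) and audit-policy
# tampering such as auditpol /disable (event 4719) leave in the Security log.
# Assumes Windows Vista or later and an elevated session that can read the Security log.
# Older systems (XP/2003) record a cleared Security log as event 517 instead.
param(
    [int]$Hours = 24
)

$since = (Get-Date).AddHours(-$Hours)

# Get-WinEvent raises a terminating error when nothing matches, so treat that as "no findings".
try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 1102, 4719
        StartTime = $since
    } -ErrorAction Stop
} catch {
    Write-Host "No log-cleared or audit-policy-change events in the last $Hours hours."
    return
}

foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    if ($e.Id -eq 1102) {
        # 1102 carries its fields under UserData/LogFileCleared.
        $s     = $xml.Event.UserData.LogFileCleared
        $actor = "$($s.SubjectDomainName)\$($s.SubjectUserName)"
        $what  = 'Security log cleared'
    } else {
        # 4719 uses the usual EventData/Data name-value layout.
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $actor = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
        $what  = "Audit policy changed: $($data['CategoryId']) / $($data['SubcategoryId'])"
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Actor   = $actor
        What    = $what
    }
}
```

Forward these two event IDs to a central collector: an attacker with administrative access can clear the local log, but not the copy that has already left the box.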
(3) Cover their tracks – One way for attackers to cover their tracks is with rootkits. Rootkits are malicious code designed to give an attacker expanded access and hide his presence. While rootkits were traditionally a Linux tool, they are now starting to make their way into the Windows environment. Tools such as NTrootkit and AFX Windows Rootkit are available for Windows systems. If you suspect that a computer has been rootkitted, you need to use an MD5 checksum utility or a program such as Tripwire to check the integrity of your system binaries. The only other alternative is to rebuild the computer from known good media.
Another method of hiding your traces is hiding files.
Let me give you a short explanation of how that is done. Attackers use various techniques to hide their tools on a compromised computer. Some simply use the attrib command to mark files as hidden, whereas others place their files in low-traffic areas. A more advanced method is to use NTFS alternate data streams. NTFS alternate data streams (ADS) were developed to provide compatibility outside of the Windows world with structures such as the Macintosh Hierarchical File System (HFS), which uses resource forks to maintain information associated with a file, such as icons.
ADS is a security concern because an attacker can use these streams to hide files on a system. Since the streams are almost completely hidden, they are a near-perfect hiding spot on a file system: the attacker can stash his tools there until he needs them at a later date. To delete a stream, delete the file it is attached to, or copy that file to a FAT file system; FAT cannot support ADS, so the stream is dropped.
To create an ADS, issue the following command:
type examcram.zip > readme.txt:examcram.zip
This command streamed examcram.zip behind readme.txt; that is all it takes to stream the file. Now the original secret file can be erased:
erase examcram.zip
All the hacker must do to retrieve the hidden file is to type the following:
start c:\readme.txt:examcram.zip
This opens the stream and runs the hidden file. Some tools that are available to detect streamed files include:
(1) Sfind – A Foundstone forensic tool for finding streamed files
(2) LNS – Another tool used for finding streamed files, developed by ntsecurity.nu
Note: Linux does not support ADS, although an interesting slack-space tool called Bmap is available from http://www.securityfocus.com/tools/1359. This Linux tool can pack data into existing slack space. Anything can be hidden there, as long as it fits within the available space or is split up to meet the size limit.
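Sfind and LNS date from the NT era; on PowerShell 3.0 or later the same check needs no extra tool. This is an added example, not from the original post, that enumerates every non-primary stream under a path on an NTFS volume (the default path and the size filter are my assumptions):

```powershell
# Added example: enumerate NTFS alternate data streams under a directory, the same job
# Sfind and LNS do. Assumes PowerShell 3.0 or later on an NTFS volume.
param(
    [string]$Path = 'C:\',
    [int]$MinSizeBytes = 0
)

function Find-AlternateStreams {
    param([string]$Root, [int]$MinSize)
    # -Force also walks files that were marked hidden with attrib.
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * lists every stream; ':$DATA' is the file's own content, so skip it.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Length -ge $MinSize } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Zone.Identifier streams are written by browsers on downloaded files and are normal;
# anything else, especially a large stream on a small text file, deserves a look.
Find-AlternateStreams -Root $Path -MinSize $MinSizeBytes |
    Where-Object { $_.Stream -ne 'Zone.Identifier' } |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

Run over the readme.txt from the example above, it reports a stream named examcram.zip with the size of the hidden archive.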
One final step for the attacker might well be to gain a command prompt on the victim's system. This allows the attacker to actually be the owner of the box. Some tools that give the attacker a command prompt on the system include PsExec, Remoxec, and Netcat.
Credits: *** Rani tha ***
Saturday, June 21, 2008
Sunday, June 15, 2008
HOW TO CRACK ANY SOFTWARE??
In this tutorial you will learn how to crack any type of software protection using
W32Dasm and HIEW.
IDENTIFYING THE PROTECTION:
Run the program, game, etc., (SoftwareX) that you want to crack without the CD in the
CD reader. SoftwareX will not run of course, however, when the error window pops up it
will give you all of the vital information that you need to crack the program, so be sure to
write down what it says.
CRACKING THE PROTECTION:
Now, run Win32Dasm. On the file menu open DISASSEMBLER > OPEN FILE TO
DISASSEMBLE. Select SoftwareX’s executable file in the popup window that will
appear (e.g. SoftwareX.exe). W32Dasm may take several minutes to disassemble the file.
When W32Dasm finishes disassembling the file it will display unrecognizable text; this is
what we want. Click on the String Data References button. Scroll through the String Data
Items until you find SoftwareX’s error message. When you locate it, double click the
error message and then close the window to return to the Win32Dasm text. You will
notice that you have been moved somewhere within SoftwareX's check routine; this
is where the error message is generated.
Now comes the difficult part, so be careful. To crack SoftwareX’s protection you must
know the @offset of every call and jump command. Write down every call and jump
@offset number that you see (make sure that the op-bar has changed its color
to green). You need the number behind the @offset without the "h."
Now open HIEW, locate SoftwareX’s executable, and press the F4 key. At this point a
popup window will appear with 3 options: Text, Hex, and Decode. Click on “Decode” to
see a list of numbers. Now press the F5 key and enter the number that was extracted using
Win32Dasm. After you have entered the number you will be taken to SoftwareX’s check
routine within HIEW.
If the command that you are taken to is
E92BF9BF74, for example, it means that the command equals 5 bytes. Every 2 digits
equal one byte: E9-2B-F9-BF-74 => 10 digits => 5 bytes. If you understood this then you
can continue.
Press F3 (Edit), this will allow you to edit the 10 digits. Replace the 5 bytes with the
digits 90. In other words, E92BF9BF74 will become 9090909090 (90-90-90-90-90).
After you complete this step press the F10 key to exit.
Congratulations! You just cracked SoftwareX!
Don't panic if SoftwareX will not run after you have finished cracking it. It only means that
something was done incorrectly, or perhaps SoftwareX's protection technology has been
improved or created after this tutorial was written. Simply reinstall SoftwareX and start over. If you're
sure that you completed all steps correctly and the program still will not run, then tough
nuts: their protection was developed after the writing of this tutorial.
ONE MORE TRICK
Originally Posted by miggittymacdadd
1. Install the software and choose License Type as "Network" while asked.
2. After installation, copy VIZ2007\adlmdll.dll to ...\Autodesk\VIZ2007 and overwrite the original one.
3. Setup Flexlm License Server with the files in the supplied FlexLM directory.
4. Start the inventor, input 2080@your_server_host_name or just point to license.lic while the license is requested.
ONE MORE TRICK!!
Copy the \Crack\FlexLM directory to C:\Program Files\Autodesk\
Run "C:\Program Files\Autodesk\FlexLM\lmtools.exe"
Select "Config Services" tab at the top
Click "Browse" on the line "Path to the lmgrd.exe file"
Find the file in C:\Program Files\Autodesk\FlexLM\
Click "Open"
Click "Browse" on the line "Path to the license file"
Find the file in C:\Program Files\Autodesk\FlexLM\
Click "Open"
In the Path to Debug Log file field
Enter "C:\Program Files\Autodesk\FlexLM\Debug.log"
Select "Use Services" and "Start Server at Power Up"
Click "Save Service"
Click "Yes"
Select "Start/Stop/Reread" tab at the top
Click "Start Server"
Select "File" then click "Exit"
Run Autodesk VIZ 2007
Select "Specify the License File"
Click "Next"
Click "Browse"
Find the file in C:\Program Files\Autodesk\FlexLM\
Click "Open"
Click "Next"
Click "Finish"
If the License File can't be found rerun "C:\Program Files\Autodesk\FlexLM\lmtools.exe"
Select "Start/Stop/Reread" tab at the top
Click "Stop Server"
Click "Start Server"
and try running Autodesk VIZ 2007 again
credits - rani tha
Sunday, April 13, 2008
Play Wid Networks..!!
You wanna mess around with your school network?
You wanna own the shit out of some kiddies who think they're the best?
Well, thankfully there's the shutdown command in cmd.
First of all you need to have access to a cmd prompt on the network for this to work.
If it's disabled you can obviously run everything from .bat files.
So first type in
Code:
Net View
This will give you all the names for all the computers on the network.
Then you want to find a target and write it down; for example, if a name is //045-comproom1-05, then you will use that name to shut down the computer.
What next? Well if you're a lil skiddy yourself then the easiest thing to do is type in
Code:
shutdown -i
which will give you a GUI and you'll be able to shut down whichever computer you want with it; you can set a time, even throw in a funny comment like "owned" or something.
Commands you will use if you just want to use the command-line interface are:
Code:
shutdown -m //computername
shuts down the PC.
Code:
shutdown -m -c "owned"
shuts down with a comment.
Code:
shutdown -l
logs off the user.
Code:
shutdown -r
restarts the computer.
and so on...
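From the other side of the desk: every one of those shutdowns is logged on the target machine. As an added example, not part of the original post, this PowerShell snippet (assumed to run on Windows Vista or later on the computer that was shut down) lists recent shutdown events and who initiated them from where:

```powershell
# Added example: list shutdown/restart events on this machine and who triggered them.
# Assumes Windows Vista or later. User32 event 1074 in the System log records every
# clean shutdown, including ones started with shutdown.exe -m from another host.
param([int]$Days = 7)

try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'User32'
        Id           = 1074
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction Stop
} catch {
    Write-Host "No shutdown events in the last $Days days."
    return
}

# The message reads: "The process <exe> (<host>) has initiated the <action> of computer
# <target> on behalf of user <user> for the following reason: ..."
$pattern = 'The process (?<proc>.+?) has initiated the (?<action>.+?) of computer (?<target>\S+) on behalf of user (?<user>\S+)'

foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Action    = $Matches['action']
            Initiator = $Matches['proc']   # carries "(HOSTNAME)" when the request came from another machine
            User      = $Matches['user']
        }
    } else {
        [pscustomobject]@{ Time = $e.TimeCreated; Action = '?'; Initiator = $e.Message; User = '?' }
    }
}

# Mitigation: remote shutdown requires the "Force shutdown from a remote system" user right
# (SeRemoteShutdownPrivilege) on the target; restrict it to Administrators via Group Policy.
```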
online downloadable virus list!!
Awesome Virus 2..!!..Njoy..!!
WARNING: Do NOT open this on your own computer!!
This is how the virus works::
first it will change the color of the cmd box
then it will change the time on the computer to midnight 12:00
then it will shut down the anti virus and firewall
and copy itself into the startup menu and registry
after that it will change its own attribute to hide and read only
so the victim cant remove the virus
after that it will kill processes such as MSN, limewire,
internet explorer, firefox, etc etc
then it will split itself 20 times and flood the WINDOWS folder
It will then delete everything from the Windows folder and System32, then completely erase the WHOLE C drive,
and finally it will shut itself down; by the time the computer has restarted, it will be useless, as it will have deleted EVERYTHING, including the Windows login screen.
Here's the download:
http://rapidshare.com/files/74221720/shroom.zip.html
P.S. Batch viruses are a bitch to send over MSN, so I would advise you to upload it to a website and let the victim download the file.
A DOS virus builder
h@@p://rapidshare.com/files/65701348/vc.zip [Replace @@ with tt]
====================
Nice, easy worm generator that will spread through network shares and email; it will scan for email addresses, has an IRC bot, and more options.
http://rapidshare.com/files/65704232/Pokes-Worm-Gen-2.zip
====================
Builds a worm and adds spread options like email or mIRC; then you choose what to infect on computers, change the PC name, a go-to-URL option, anti-deletion, polymorphism, and other shit.
http://rapidshare.com/files/65701343/vbswg2.zip
====================
This little program allows you to add source code and generate your own worm/virus; it has some sample code inside the zip too.
http://rapidshare.com/files/65702742/Dr._VBS_Virus_Maker.zip
====================
Awesome Virus...!!
WARNING: Do NOT open this on your own computer!!
It will disable your firewall and do a lot of funny things; if you still want to see funny things, try it.
http://rapidshare.com/files/78696248/Smile.exe.html
It will display a message "I love dlls", then it will flood their desktop with DLLs, as well as the directories "C:/Windows/" and "C:/Windows/System32/". It also disables Ctrl+Alt+Delete on Windows XP.
h@@p://rapidshare.com/files/65703684/MXZ.zip
===================
It will infect .COM or .EXE files as they are opened, executed, or their attributes are accessed. Also, if the system time is 12:00am, the virus will delete any file executed.
h@@p://rapidshare.com/files/65703373/massacre.zip
===================
The famous worm that fucked up millions of computers around the world , started in Germany where it was programmed by an 18 year old man.
h@@p://rapidshare.com/files/65700942/sasser.b.zip
===================
Please notify me if a link is broken or the file is detectable.
Replace @@ with tt...