The Hack o blog

Reinventing the weel

Category Archives: The Basics

Rick Hayes – Assessing and Pen-Testing IPv6 Networks

Although it is long, it gives some fascinating insistent in to Pen-Testing.

Accessing a BackTrack server via mobile phone in a secure way


The Objective:

Set up a Backtrack system that is accessible over the internet from the phone in my pocket. What can I say? I like to practice my metasploit syntax while waiting in the doctor’s office. Oh, and I’d also like to do it as cheaply as possible and in some relatively secure fashion.

Read more of this post

List of hacker e-books.

A Shebang, also Hashbang or Sharp bang. This i...

Image via Wikipedia

Here is a list of e-books
Ralphb.net – direct link to IP-subnetting Tutorial…long enough to be a small e-book, rather than a tutorial.
Astalavista – You’ll find links for news, affiliates, a place to submit your programs and/or tutorials. Go way down
to see the tuts. An impressive selection of topics: access control (firewalls, social engineering), miscellaneous, crypto, software
cracking, ICQ, IRC, online security, intrusion detection, chat systems, hacking/security groups, protocols, denial of service, OS‘s, network auditing, securing papers, and the basics.
Nopayweb.com – over 500 e-books, listed by category…programming languages, database, internet, application, OS’s, networks, sci&tech.
Freeskills – features e-books and tutorials, with the intention of teaching people IT skills. It also has job listings and courses. Despite the name, it’s not free. The books links eventually lead you to the order form on Amazon.com, and to take the courses, you must be a member, which is 99$.
Extremetech – multi purpose site with info on audio/video, security, and OS’s. There are also tech articles, news stories, and a BBS.
Code guru – This link takes you to the C++ section of the site. Also links to other departments…like java, and visual basic. Also has a forum. It’s one of those sites that shows you how to do various things…using regular expressions for search/replace, handling
structure storage, and other things like that.
Tunes.org – Direct link to an e-book, called Review of Existing Languages.
Programmer’s Heaven – Great site, that offers info on every programming language. Also has a forum and downloads/source codes.
Planet Zikri -Nice collection, but poorly organized…alphebetical, rather than
subject…one interesting find, was a wargame manual. It has lot’s of books that I’ve never seen offered online anywhere else.
Instinct.org – This is an archive of interesting texts texts by people that have released the copyright of their books and allowed other to freely redistribute them.

Flashdance.cx – Nice selection of text files, most descriptions in Swedish but subject material can usually be figured out by file name.
Free-edFree online courses for a number of things computer related, or not.
Freebooks – A number of free books, most notably in the areas of programming, internet, and OS’s. The sight is Russian, and some of the books are in Russian, but many are in English, so it’s worth a look .
http://www.textfiles.com – goes directly to a
page that shows you mirrors for the site and affiliates/member sites. You choose a mirror, hit the button, then it finally lists it’s topics. There are many topics, most of them not computer related, but still quite a bit of what your looking for. A lot of this seems old, though.
http://www.freebsd.org/docs.html – Documentation project for FreeBSD….including books, other websites, links, and articles.
http://www.ucs.ed.ac.uk/~unixhelp/index.html – A site designed to provide a flexible introduction and reference for users of the UNIX operating system.
http://www.uwsg.indiana.edu/usail/ – Unix System Administration Independent Learning
http://www.oreilly.com/openbook/ – A list of “open copywritten” books from O’Reilly’s.
http://networking.oreilly.com/ – Another O’Reilly site, featuring alot of networking books, from wireless networking to TCP/IP for Windows…
http://theory.lcs.mit.edu/~rivest/crypto-security.html – This page contains pointers to other web pages dealing with cryptography and security.
http://en.tldp.org/docs.html – The Linux Documentation Project.
http://techpubs.sgi.com/library/tpl/cgi-bin/init.cgi – Techpubs Library…a small list of links to other info, man pages, and FAQ’s.
http://www.redbooks.ibm.com/ – The official IBM Redbooks site.
http://www.tru64unix.compaq.com/docs/index.html – The Tru64 UNIX Publications Web site provides online access to the Tru64 UNIX documentation, reference pages, and documentation for related products.
http://www.cs.bell-labs.com/cm/cs/pearls/ – Programming Pearls, 2nd edition.
http://www.cprogramming.com/tutorial.html – A list of tuts for programming in C++, as well as some other links.
http://www.cs.virginia.edu/c++programdesign/slides/ – A slide show from some class…featuring a little bit of basic info.
http://www.icce.rug.nl/documents/cplusplus/ – A book for C users who want to make the transition to C++.
http://www.webdesigns1.com/perl/ir.html – A small list of Perl info / links, etc.
http://www.ictp.trieste.it/texi/perl/perl_toc.html – Perl Manual (Texinfo version) for perl version 4.0 patchlevel 36, Edition 0.6, dated 13 September 1993, printed on 25 March 1994.
http://www.cs.brown.edu/cgc/java2.da…ook/index.htmlData Structures and Algorithms in Java.
http://www.adahome.com/Tutorials/ – A list of Computer-Assisted Tutorials and resources for learning ADA.
http://www.cacr.math.uwaterloo.ca/hac/ – Handbook af applied Cryptography.
http://tronche.com/gui/x/Info and documentation on the X Window system.
http://developer.gnome.org/doc/GGAD/ggad.html – GTK+ / Gnome Application Development.
http://www.troll.no/qt/ – Trolltech Documentation.
http://perso.wanadoo.es/antlarr/tutorial.html – A KDE tutorial.
http://www.cs.wisc.edu/~chilimbi/Pubs.html – A small list of publications on CCDS.
http://www.sysadminmag.com/ – A journal for Unix System admins.
http://www.firstmonday.dk/issues/ – A list of issues from First Monday.
http://www.ibm.com/ibm/history/story/text.html – The IBM archives.
http://www.dspguide.com/pdfbook.htm – The Scientist and Engineer’s Guide to Digital Signal Processing.
http://hwb.sunsite.dk/ – “Hardware Book! This is Your free reference guide to electronics.”
http://www.cisco.com/univercd/cc/td/doc/product/ – Cisco Product Documentation, featuring hubs, adapters, routers, etc.
http://developer.novell.com/research/index.htm – Novell AppNotes.
http://www.symbols.com/ – SYMBOLS.com, the world’s largest online encyclopedia of graphic symbols.
http://www.divinecomedy.org/divine_comedy.html – The Research Edition of the Divine Comedy by Dante Alighieri. This site features three full editions of the Divine Comedy online: the original Italian text, and English translations by Henry Wadsworth Longfellow and Rev. H.F. Cary.
http://digital.library.upenn.edu/books/ – The Online Books page…a nice list of books online.
http://www.ipl.org/reading/books/ – The IPL Books Collection (formerly known as Online Texts) contains over 20,000 titles that can be browsed by author, by title, or by Dewey Decimal Classification.
http://www.infomotions.com/alex/ – The Alex Catalogue of Electronic Texts is a collection of public domain documents from American and English literature as well as Western philosophy.
http://www.octavo.com/ – Octavo Digital Rare Books.
http://www.promo.net/pg/ – Project Gutenberg.
http://www.lysator.liu.se/runeberg/katalog.html – Project Runeberg.
http://lcweb.loc.gov/exhibits/scrolls/toc.html – A site featuring info from the Dead Sea Scrolls.
http://impact.arc.nasa.gov/ – Asteroid and Comet Impact Hazards.
http://www.boulder.swri.edu/clark/ncar.html – A paper on the asteroid/comet impact hazard.
http://www.pbs.org/wnet/hawking/html/home.html – Stephen Hawking’s Universe.
http://www.dibonsmith.com/constel.htm – The Constellations.
http://virtualsites.ezthemes.com/sof…hp?catid=s_146 – Virtual Free Books.
http://www.blackcode.com/ – Blackcode.
http://neworder.box.sk/ – NewOrder Box.
http://www.cyberarmy.net/ – CyberArmy.
http://www.infosecwriters.com/ – Infosec Writers.

http://www.gutenberg.org/audio/ – Audio Gutenberg
http://verkaro.com/audio/doku.php – Free audio books and poetry
http://www.otrcat.com/ – Old time radio
http://www.mercurytheatre.info/ – The Mercury Theatre Plays, (‘War of the worlds’)
http://www.jimkelly.net/index.php?op…d=16&Itemid=41 – Jim Kelly’s Free Reads
http://www.itconversations.com/ – High quality IT talk
http://www.cbc.ca/quirks/ – BBC Science show ‘Quirks & Quarks’
http://ask.slashdot.org/article.pl?s…&tid=188&tid=4 – Slashdot artical on free audio for commute or learning
http://www.arstechnica.com – Articles on Computer hardware, some reference manuals. Unfortunately not very intuitive for newbs in the hardware arena.
http://www.sacred-texts.com This site hosts a HUGE collection of texts related with religion, mysticism, folk lore and so on…

http://groups.google.com/group/freecomputerbooks/web
http://en.wikibooks.org/wiki/Wikiboo…ence_bookshelf
http://www.techbooksforfree.com/

http://www.underground-systems.org/forums/showthread.php?127-Ebook-Links-UPDATED-4-22-08

How to get all the local passwords on a windows PC

Screenshot of Ophcrack version 3.2.0

Image via Wikipedia

So many of my friends have been asking lately “I forgot my password on my PC how do I find it” Or “Dude how do I get the password to my boyfriends / girlfriends PC” or my favorite “how did you get admin access on the University system”, well the fact of the matter is that there are many methods of breaking into a computer system.

Like most hacking some are really freaking stupidly simple and others would take me an age to explain. As I have been really busy on some other things this week I’m going to demonstrate the simple method, I mean the really simple method to all you beginner hackers out there.

I will focus on windows for now, I have Linux and Mac tutorials but they can get a little more complicated, also you need access to the pc not just remote access for this method to work.

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Step one: Go and get ophcrack:

http://ophcrack.sourceforge.net/download.php?type=livecd

Step two: Burn the ISO (The disk image you just downloaded) to a DVD. I use imgburn on windows.

Step three: Ophcrack runs from boot so press the boot order list during post usually F8 or F10, and select the DVD drive to boot from.

Step four: waste some time for a while and let the magic happen, it usually takes between 5 – 15 minutes to find and crack all the local passwords.

And there you go.

The Pirates guide to DoSing the MPAA

lego pirate

Arrrr


The pirates guide to DoSing the MPAA

If you haven’t heard about the attack then you can read more about it here, I’m going to discuss what it is and how it is done.

What is a Dos, a Dos is a Denial of Services attack it basically stops web servers from running buy telling the web servers that lots of users want to access the web site, they are a common method of attacking a web site and are use buy the “hacker” to extort money or just to get some Lultz.

When does a DoS become a DDoS? The extra D is for distributed so you now have a distributed denial of sevices attack, they can be distributed by many means such as spy bots or throw forums when groups of people want to take down a site such as the recent anti piracy attacks.

This is the most simple and will be what I will demonstrate in this tutorial.

There are lots of tools to perform this task such as the SkyNet Dos tool or the LOIC low orbit ion canon.

  1. Get the LOIC.
  2. Type in the web addresses URL or the IP address of the target.
  3. Then fire (IMMA CHARGIN MAH LAZER)
IMMA CHARGIN MAH LAZER

IMMA CHARGIN MAH LAZER

There are more options such as UDP or TCP attacks, it also allows you to target specific port such as an IRC room or a particular web service.

IRC Tutorial: Getting on IRC

Chatzilla screen open on query window (IRC-Client)

Image via Wikipedia

Thanks to the administrators at dark hoods we now have our own IRC chat room

Server: irc.grayhoods.org
Port: 6667 or 6697 for SSL
Channel: #HackoBlog

In this tutorial I hope to get new users on to IRC

What is IRC?

Internet Relay Chat (IRC) is a form of real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message, as well as chat and data transfers via Direct Client-to-Client.

From: http://en.wikipedia.org/wiki/Internet_Relay_Chat

The first thing you will need is a client the client will allow you to join IRC Channels (chat rooms) kind of like a web browser.
Here are A few,

MIRC (Windows)
http://www.mirc.com

Hydra (Windows)
http://www.hydrairc.com

Trillian (Windows)
http://www.ceruleanstudios.com

Miranda (Windows)
http://www.miranda-im.org

Pidgin ( Linux/ Windows)
http://www.pidgin.im

Konversation ( Linux)
http://www.konversation.kde.org/

X-chat ( Linux/ Windows)  more help for Xchat
http://www.xchat.org/

ChatZilla ( Linux/ Windows)
https://addons.mozilla.org/en-US/firefox/addon/16

and many more, go have a look around the net for a while there is no rush. Now you need to know the address, for this example we will join irc.grayhoods.org using ChatZilla.

(commands can be different in client and servers please see the appropriate documentation)

The command is usually /attach(address goes hear ) (port number) or with /SERVER in most IRC clients so go a head and type it in.

As it is a default port we don’t need to specify the port, if you do however then it would look like this.

/attach irc.grayhoods.org 6667
or
/SERVER irc.grayhoods.org 6667

6667  is the default port in most IRC servers.

In some IRC client you specify the address in a dialogue box in that case the address is  irc.grayhoods.org and the port would be 6667

Now you have joined the server its now time to register you nick name.

To create or change a nickname just type.

/NICK “crazy_nickname”

No quotes and remember no spaces either.

OK on the Gray Hoods server we have NickServ to protect nick names so once you have  a nick name that is not already registered type this command.

/msg NickServ register “Password” “email@domain.com”

No quotes and put your password and email in there OK!

To re-identify yourself on return visits just type.

/msg NickServ IDENTIFY password

OK now we have registered the crazy_nickname lets join a channel.

Type /list for a list off all the channels when you find one you like type /join #chan_name, the main Hack o Blog channel is #HackoBlog so go ahead and type

/join #HackoBlog

OK and that’s it, Important notes don’t annoy people, harass people, steal nicknames, spam, or be annoying at all you will get slapped or banned. AND DON’T FEED THE BEARS!

I might add a Mibit widget at some point.

So you have a Virus / Malware / Spybot / RAT

Password

Image via Wikipedia

So you have a Virus / Malware / Spy-bot / RAT

To get rid of all of them download all of these

http://www.filehippo.com/download_hijackthis/
http://www.filehippo.com/download_spyware_terminator/
http://www.filehippo.com/download_ccleaner/
http://www.filehippo.com/download_spybot_search_destroy/

  1. Install and reboot.
  2. Press f8 and boot in to safe mode.
  3. Run them all.
  4. Turn off the router for about 10 minutes ( do this wile in safe mode).
  5. Update Windows.
  6. Create a new non-privileged user from the control panel in windows, you will use this for day to day use.
  7. Change all your passwords make a strong password by using this.

Steps to build a strong password

The strongest passwords look like a random string of characters to attackers. But random strings of characters are hard to remember.

Make a random string of characters based on a sentence that is memorable to you but is difficult for others to guess.

  • Think of a sentence that you will remember
    Example: “My son Aiden is three years old.”
  • Turn your sentence into a password
    Use the first letter of each word of your memorable sentence to create a string, in this case: “msaityo”.
  • Add complexity to your password or pass phrase,Mix uppercase and lowercase letters and numbers. Introduce intentional misspellings.
    For example, in the sentence above, you might substitute the number 3 for the word “three”, so a password might be “MsAi3yo”.
  • Substitute some special characters
    Use symbols that look like letters, combine words, or replace letters with numbers to make the password complex.
    Using these strategies, you might end up with the password “M$8ni3y0.”
  • Test your new password with Password Checker
    Password Checker evaluates your password’s strength as you type.
  • Keep your password a secret
    Treat your passwords with as much care as the information that they protect.

This is a made simple post for the non IT people I know it’s just a reference so I can tell them what to do. It’s not for all you pro hackers out there.

Also I don’t know where I found the pass word tips if the original writer could contact me I will give you credit.

Testing a spam filter with GTUBE

We all hate it but you know what they say “spam happens”. so here is the scenario you have got a spam filter, it’s all set up and you think you have done a good job, but wait how do you test it, sign up to some shady site? No that’s a bad idea you don’t know what could happen.

So here is how you do it. GTUBE no it’s not a porn site 😦 but is a spam testing method 🙂

Step one:
Log in to your email (it’s best to use another email)
Step two:
Paste this in to the body of the email

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Then email it to your self

Your spam filter should pick it up as spam and block it / send it to a spam folder.

Here is how it works spam filters give an email a anti-spam score, the higher the spam score the more likely its spam, this code has an anti-spam score of 1000, which would be sufficient to trigger a warning.