
Tools For Hacker

Written By Unknown on Saturday, December 4, 2010 | 8:15 PM


In the hacking world the term "rootkit" is very popular, although many people do not understand what a rootkit actually is.

The word rootkit combines two words: root and kit. Root is the highest privilege level in the Unix family of operating systems, and a kit is a collection of tools. A rootkit can therefore be understood as a collection of tools used to keep permanent control of a system without being noticed by the administrator of the compromised machine.

A rootkit must be able to hide its presence and to keep control of the system without being noticed by the administrator concerned. Rootkits typically embed themselves in the architecture of the system so that they are not detected, which means that backdoor programs such as BO and Netbus cannot be categorized as rootkits.

Rootkits are usually composed of several tools, such as:

* Backdoor Program
A program used so that the system stays under control and remains accessible without going through the exploit again. Even if the weakness has been fixed or the exploit no longer works on the system, the attacker can still control the system through this backdoor.
A backdoor program usually modifies or replaces programs such as login.c, ftp, rlogin, inetd, etc., allowing the attacker to gain access through the modified service. Backdoors are even placed through kernel modifications, which makes their existence hard to detect.

* Packet Sniffer
A sniffer is a program used to capture information passing over the network cable. Programs such as ftp and telnet usually send username and password information as unencrypted text, so it is easy to steal.

* Log File Controller
Another fairly important program included in a rootkit is one that removes logs. With this tool all of the attacker's activity can be hidden, so the admin is not aware of what the unwanted party is doing and will have difficulty detecting its presence. A program for editing the log files is usually included as well.

* Other Tools
Additional tools used by attackers, such as a DDoS client program (namely trinoo), an IRC bot that connects automatically to an IRC server, etc.

* System Patch
After gaining access through a vulnerability, the rootkit also provides tools to patch that vulnerability, with the aim that other hackers cannot get into the system. Because the attacker has already installed a backdoor, the compromised system remains under the attacker's control through the rootkit.


Rootkits can be divided into two kinds, namely:
* Application Rootkit
* Kernel Rootkit

• Application Rootkit
The application rootkit is the kind most widely used by hackers. It replaces or modifies original programs with modified versions that have trojan capabilities. Some examples of programs that get replaced are:

* ls, find: so that they do not display the attacker's programs
* netstat: normally displays open ports, network connections and listening status; replaced so that it does not display the hacker's programs or connections
* killall: so that trojan programs installed by the hacker cannot be killed
* tcpd, syslogd: so that the hacker's activity on the computer is not recorded
* passwd: entering the rootkit's password gives a root shell
* login: any username can be used to log in, including root, if the rootkit's password is used
* sshd: sometimes used so as not to be detected by a sniffer
* linsniffer: used for sniffing on the network
* inetd: opens a port so that the hacker can use it to enter the target with a predetermined password
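Because an application rootkit works by swapping out the binaries listed above, comparing them against a known-good baseline exposes the swap. The following is an added example, not part of the original post: the search directories, function names and baseline file format are assumptions, and the check is only meaningful when run from trusted media with the baseline stored off the host, since a kernel rootkit can falsify what any userland reader sees.

```python
import hashlib
import json
import os
import stat
import sys

# Programs the list above names as common replacement targets.
WATCHED = ("ls", "find", "netstat", "killall", "tcpd", "syslogd",
           "passwd", "login", "sshd", "inetd")
# Assumed search path for this example; adjust to the system being checked.
SEARCH_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(dirs=SEARCH_DIRS, names=WATCHED):
    """Record hash, size, mode and owner for every watched binary found."""
    records = {}
    for directory in dirs:
        for name in names:
            path = os.path.join(directory, name)
            if not os.path.isfile(path):
                continue
            st = os.stat(path)  # follows symlinks: we hash what would execute
            records[path] = {
                "sha256": sha256_file(path),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
            }
    return records


def compare(baseline, current):
    """Return sorted (path, reason) findings between two snapshots."""
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings.append((path, "missing"))
            continue
        # Size and timestamps are easy to match on a trojaned binary,
        # so the decision rests on the hash, mode bits and owner.
        for field in ("sha256", "mode", "uid"):
            if old[field] != new[field]:
                findings.append((path, field + " changed"))
    for path in current.keys() - baseline.keys():
        findings.append((path, "not in baseline"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: script.py BASELINE.json  (created on first run, compared afterwards)
    baseline_file = sys.argv[1] if len(sys.argv) > 1 else "baseline.json"
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            for path, reason in compare(json.load(fh), snapshot()):
                print(f"{path}: {reason}")
    else:
        with open(baseline_file, "w") as fh:
            json.dump(snapshot(), fh, indent=2)
```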

• Kernel Rootkit
Kernel rootkits are harder to detect than application rootkits. Kernel rootkit programs are available for Linux, Solaris and FreeBSD.
By modifying the kernel, a hacker can hide network connections, files, processes, etc.

• How a Rootkit Is Used
A rootkit is not an attack tool; it is intended for use after the attack. With a rootkit a hacker can keep control of the victim's computer undetected.



Social Engineering: A Technique for Taking Over a Website

This article is for study purposes only, and to help you protect your website from the actions described in it. I am not responsible if my writing is used or misused for a crime.

Social engineering is a technique hackers use to break into a target, in which the attacker pretends to be the person who is the target. (Confused by this explanation? :P)

Social engineering does not require special skills, such as the programming languages used to write an exploit, familiarity with a variety of operating systems, and so on.

The technique only has to convince the network admin that we are the person we are targeting.

Social engineering, or psychological hacking, comes in very many kinds of techniques and methods.
Here I will walk through using this technique to take over a website.

Okay, let's do it, bro:

The first step is to determine the website to take over:

For example www.stupid-web.com

Now for phase I (first): we do a Whois on the target, from which we will find out the target's identity. Open your browser and go to my website http://www.neo-doank.co.nr/scan.php [here I have a simple program to scan a host or domain name] (it scans only .com, .net, .org, .info), then enter the domain name (www.stupid-web.com) to scan. See the sample scan results against a target below.

Sample Whois results for http://jasakom.com:

jasakom.com resolved to 216.177.77.9
DNS Query Results:


; <<>> DiG 9.3.1 <<>> any jasakom.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40282
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;jasakom.com. IN ANY

;; ANSWER SECTION:
jasakom.com. 3591 IN A 216.177.77.9
jasakom.com. 3591 IN NS ns3.discountasp.net.
jasakom.com. 3591 IN NS ns1.discountasp.net.
jasakom.com. 3591 IN NS ns2.discountasp.net.

;; AUTHORITY SECTION:
jasakom.com. 3591 IN NS ns2.discountasp.net.
jasakom.com. 3591 IN NS ns3.discountasp.net.
jasakom.com. 3591 IN NS ns1.discountasp.net.

;; ADDITIONAL SECTION:
ns1.discountasp.net. 172150 IN A 64.79.161.51
ns2.discountasp.net. 172150 IN A 216.177.89.10
ns3.discountasp.net. 172150 IN A 63.110.186.41

;; Query time: 3872 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon May 22 19:32:50 2006
;; MSG SIZE rcvd: 204


Connecting to whois.arin.net ...


OrgName: Savvis
OrgID: SAVVI-2
Address: 3300 Regency Parkway
City: Cary
StateProv: NC
PostalCode: 27511
Country: U.S.

ReferralServer: rwhois://rwhois.savvis.net:4321/

NetRange: 216.177.64.0 - 216.177.95.255
CIDR: 216.177.64.0/19
NetName: SAVVIS
NetHandle: NET-216-177-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
Nameserver: DNS01.SAVVIS.NET
Nameserver: DNS02.SAVVIS.NET
Nameserver: DNS03.SAVVIS.NET
Nameserver: DNS04.SAVVIS.NET
Comment:
RegDate:
Updated: 2004-10-07

OrgAbuseHandle: ABUSE11-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-877-393-7878
OrgAbuseEmail: abuse@savvis.net

OrgNOCHandle: NOC99-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-213-5127
OrgNOCEmail: ipnoc@savvis.net

OrgTechHandle: UIAA-ARIN
OrgTechName: U.S. IP Address Administration
OrgTechPhone: +1-800-213-5127
OrgTechEmail: ipadmin@savvis.net

# ARIN WHOIS database, last updated 2006-05-21 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.



 -------- Whois Results------------------------- In allwhois.com

Registrant:
      Jasakom
      Ruth Jasakom
      Jl. Kebon Kosong Gg. Mantri 3 No: 161B
      Jakarta Pusat, DKI 10620
      ID
      Email: sto2009@yahoo.com

   Registrar Name ....: REGISTER.COM, INC..
   Registrar Whois ...: whois.register.com
   Registrar Homepage: www.register.com

   Domain Name: jasakom.com

      Created on ..............: Tue, July 11, 2000
      Expires on ..............: Fri, July 11, 2008
      Record last updated on ..: Wed, February 8, 2006

   Administrative Contact:
      Jasakom
      Administrator Jasakom
      Jakarta
      Jakarta, DKI Jakarta -
      ID
      Phone: 62-8129221973
      Email: sto2009@yahoo.com

   Technical Contact:
      Register.Com
      Domain Registrar
      575 8th Avenue 11th Floor
      New York, NY 10018
      U.S.
      Phone: 1-902-7492701
      Email: domain-registrar@register.com

   DNS Servers:

   ns2.discountasp.net
   ns1.discountasp.net
  

Register your domain name at http://www.register.com


  ----------------WHO-IS --------------------------------END ---------


Above we can see the identity of the domain name owner: information ranging from name, e-mail, address, phone, etc.
That is enough for us to carry out an attack on the target's identity.

Now phase II (second): we send an e-mail to the administrator of the hosting where the target is hosted :D.
Open http://www.neo-doank.co.nr/mail/; here I have an anonymous e-mail script that I wrote and designed myself. Once you are in, we send an e-mail to the administrator of the hosting company of the website we are going to hack. (The sender e-mail must be filled in as the e-mail the target used to register the domain name.)

The contents of the e-mail are as follows:
----------------------------------------------

Dear,

My Name is Mr. Bla ... Bla ... Bla (Bla = First name and Last name The high-Domain name that will last ... We Hack you can see after the Whois)
I 'can not login to My account, I'forgot Because my Login Name And Password,' There is' Below My Identity sandwiches I's registered domain name to your My Hosting Company:

(Enter last Whois Start All proceeds from the First name, last name, address, city zip code, and so on ..)

Please Send My Login Name and Could You Change my password to: kenatipu-loe, Because I 'Want to Manage My Account and update My Site.

Please Change My Password As soon As possible, if the Password Has Been Change
Please Send login + new passwords to My Another E-mail (enter e-mail that others are here)

Regard

In accordance with the register names Account



You can replace the wording as you see fit, or, for those of you who are proficient in English, use your own words if my language is not good :P


Okay, the technique described above is that we pretend to be the person who owns the website we are going to hack, and ask the admin of the hosting company where his domain name is registered. Once there is confirmation that the password has been changed, you can log in to the target via the control panel, FTP or SSH.
Happy hacking, bro


Thanks to all for reading my news!

Fake Mail

                                                                --  Preface -- 


Fakemail, commonly called "fake email", is email sent by someone to another person using a false identity. Fakemail is ordinarily sent by taking advantage of an open-relay SMTP server. Maybe you have received an email from an odd address such as me@anywhere.com, I@Love.you or c@ke.p, or the sender address is even your own address, and not infrequently it is displayed as [nobody] (this is because the sender did not fill in the From field). The scope of our discussion this time is:


I. What is the purpose to send Fakemail and what dangers?

II. How do I send Fakemail?

III. How do I distinguish between Fakemail and not Fakemail (original email)?


                                                               //--- Discussion --- /


I. What is the purpose to send Fakemail and what dangers?



1. Just for Fun

This is often done to give a kind of "surprise" to friends, especially when the victim is someone who does not really understand the ins and outs of the internet and the world of anonymity. Most of the perpetrators are young people who (probably) have too little to do (no useful purpose).


2. Social Engineering

Attackers often use fakemail to perform social engineering in order to gather information about the victim. The bad outcomes of this are password theft and password takeover.


3. Disrupting a Mailing List

On a mailing list, differences of opinion or thinking are not rare. Often some members feel offended by the words of other members that they judge "harsh". This is where fakemail comes in; let us call the member who was hurt a Lamer:

1. The Lamer notes the name of one member on the mailing list.

2. He then posts under another member's name using dirty words.

3. The Lamer notes the moderator's address and posts dirty words again.

4. Chaos and slander on the mailing list.

5. Other members leave the mailing list.

6. Mailing list ruined!


4. Promotion ----> (Spamming)

Within the past year Yahoo.com has reportedly filtered more than 2 billion spam messages. Junk emails are often sent by a company or the owner of a particular service-provider site to promote its product.


5. Grudges or Dissatisfaction

Squabbles in cyberspace often happen on IRC channels. Not infrequently, cyber warfare breaks out because someone feels offended. Sometimes a chatter is a coward who does not dare to use his original email address to berate and terrorize his victim.


6. Virus Spreading

This is often found with a well-known VX who wants the virus spread. Perhaps out of shyness and to protect his identity, he spreads the virus (manually) to large mailing lists using a fake identity.


7. ... ... (Fill it yourself ...: P)


II. How do I send Fakemail?


1. Using TELNET

Consider the following example ...


Click START - RUN and type TELNET


==============================
C:\WINDOWS\System32\telnet.exe
==============================

Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet>

---> Type 'o' = to connect to the server in question.

( to )

---> Type 'mail.terserah.com 25' = the mail server

( to ) mail.terserah.com 25

Connecting To mail.terserah.com ...

Connected ...

mail.terserah.com is xxx.xxx.xxx

---> Type 'helo mail.terserahkamu.com'

Helo mail.terserahkamu.com pleased to meet you

---> Type 'mail from: (name of victim)@terserah.com' = example: 'mail from: anyone@anywhere.com'.

OK

---> Type 'rcpt to: (name of the victim)@terserah.com' = example: 'rcpt to: korban@terserah.com'.

OK

---> Type 'Subject:' = the subject text

---> Type 'From:' = fill in your name, example: Spyro <anyone@anywhere.com>

---> Type 'X-Mailer:' = write the mailer, such as: Microsoft Outlook = so that if the victim replies to your letter, the letter will be returned.

---> Type the message ...

Balablabla ...

From,

El Azizy ...

---> Press Enter twice to end the email

Send 37368232982, OK

---> Type 'Quit' = disconnect from the mail server


2. Using the sendmail function in PHP

PHP has a sendmail function that allows us to send email without MySQL. We just need to find domain hosting that allows PHP scripts. Here is the example PHP script given for Fakemail (Fakemail.php):


<?php

// Builds a hidden <div> holding $anz randomly generated mailto: links.
// Note: this function only generates random addresses; it does not send mail.
function fakemail($anz, $anzname, $anzdomain, $anztld)
{
    // 24 letters ('i' and 'j' are absent), so valid indexes are 0..23
    $alpha = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
    $at = '@';
    $dot = '.';
    $divstart = "<div style=\"display:none;\">";
    $divende = "</div>";
    $name = '';
    $domain = '';
    $tld = '';
    $mails = array();
    $block = '';

    srand((int) ((double) microtime() * 100000));

    for ($j = 0; $j < $anz; $j++)
    {
        // Random local part
        for ($i = 0; $i < $anzname; $i++)
        {
            $awert = rand(0, 23);
            $name .= $alpha[$awert];
        }

        // Random domain label
        for ($i = 0; $i < $anzdomain; $i++)
        {
            $awert = rand(0, 23);
            $domain .= $alpha[$awert];
        }

        // Random top-level domain
        for ($i = 0; $i < $anztld; $i++)
        {
            $awert = rand(0, 23);
            $tld .= $alpha[$awert];
        }

        $mails[$j] = "<a href=\"mailto:" . $name . $at . $domain . $dot . $tld . "\">" . $name . $at . $domain . $dot . $tld . "</a><br />\n";

        // Reset the parts for the next address
        $name = '';
        $domain = '';
        $tld = '';
    }

    for ($k = 0; $k < sizeof($mails); $k++)
    {
        $block .= $mails[$k];
    }

    return $divstart . $block . $divende;
}

// Call for 10 addresses,
// 6 characters as the name,
// 8 characters for the domain name,
// and a 2-character TLD

// echo fakemail(10, 6, 8, 2);

?>


3. Using a Fakemail sender

Many fake email sender applications are available for free (and no fewer are paid). We simply fill in the form provided with the address of an SMTP server (there are hundreds of open-relay SMTP servers available free of charge!), fill in the From/Sender field with a name of your choice, the victim's address, an attachment if any, and the message, then press the send button. Easy enough, isn't it? Interested? Download the program in the member area, category Mail Bomber (www.spyrozone.tk)



III. How do I distinguish between Fakemail and non-Fakemail (original email)?



We certainly have to be wary of the emails we receive, considering how dangerous fakemail with a particular purpose can be. One way is to look at the full headers of the email we receive (look for the button yourself in your mail client).


Consider the examples below (here I use Yahoo! mail as the example):


From Gin Mon Oct 25 17:13:47 2005

X-Apparently-To: spyro_zone@yahoo.com via 68.142.201.215; Tue, 25 Oct 2005 17:20:28 -0700

X-Originating-IP: [68.142.206.28]

Return-Path: <gin_2115@yahoo.com>

Authentication-Results: mta164.mail.re2.yahoo.com from=yahoo.com; domainkeys=pass (ok)

Received: from 68.142.206.28 (HELO web32715.mail.mud.yahoo.com) (68.142.206.28) by mta164.mail.re2.yahoo.com with SMTP; Tue, 25 Oct 2005 17:20:28 -0700

Received: (qmail 21962 invoked by uid 60001); 26 Oct 2005 00:13:47 -0000

DomainKey-Signature: a = rsa-sha1; q = dns; c = nofws; s = s1024; d = yahoo.com; h = Message-ID: Received: Date: From: Reply-To: Subject: To: MIME- Version: Content-Type: Content-Transfer-Encoding: b = oyiXejXhE6hhm6epuyNImExh1e9tnmwB5Ru + WpH1 + Eukpjv + uJjPP5G6uK8oCmfpGV6PoO2Ow + wUUmE9oHo + 8qkP48J4env4pdhVlCRD6eZwNDuzGYUXJ9B5SONU4NSe + R7N8laptsvb GoermhyKRO c8Mtv77mAtYVPTXyOf4 +4 =;

Message-ID: <20051026001347.21960.qmail@web32715.mail.mud.yahoo.com>

Received: from [202.6.237.138] by web32715.mail.mud.yahoo.com via HTTP; Fri, 26 Oct 2005 01:13:47 BST

Date: Wed, 26 Oct 2005 01:13:47 +0100 (BST)

From: "Gin" <gin_2115@yahoo.com>

Yahoo! DomainKeys has confirmed that this message was sent by yahoo.com.

Reply-to: sx7@yahoo.com

Subject: Hi my friend ...

To: x7zone@yahoo.com

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="0-610143512-1130285627=:19591"

Content-Transfer-Encoding: 8bit

Content-Length: 516


This is the original email!

GIN --- ---


From gin_2115@yahoo.com Mon Oct 25 16:45:46 2005

X-Apparently-To: spyro_zone@yahoo.com via 68.142.200.72; Tue, 25 Oct 2005 16:45:46 -0700

X-YahooFilteredBulk: 198.173.4.2

X-Originating-IP: [198.173.4.2]

Return-Path: <cluster1@diffusion.agava.com>

Authentication-Results: mta124.mail.dcn.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)

Received: from 198.173.4.2 (EHLO eternity.agava.net) (198.173.4.2) by mta124.mail.dcn.yahoo.com with SMTP; Tue, 25 Oct 2005 16:45:46 -0700

Received: from diffusion.agava.com (diffusion.agava.com [198.173.4.9]) by eternity.agava.net (Postfix) with ESMTP id 8E7E115311 for <spyro_zone@yahoo.com>; Tue, 25 Oct 2005 18:45:46 -0500 (CDT)

Received: by diffusion.agava.com (Postfix, from userid 4036) id 89768BC6011; Tue, 25 Oct 2005 18:45:46 -0500 (CDT)

To: x7_zone@yahoo.com

Subject: Hi Spyro ...

From: gin_2115@yahoo.com

Reply-to: gin_2115@yahoo.com

Message-Id: <20051025234546.89768BC6011@diffusion.agava.com>

Date: Tue, 25 Oct 2005 18:45:46 -0500 (CDT)

Content-Length: 34


This is the fake email!

GIN --- ---

Compare the headers of the two emails above ...!!
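The comparison asked for above can be done mechanically. The following is an added example, not part of the original post: it parses de-garbled subsets of the two header sets shown on this page (embedded as constructed samples) and reports where the delivery path disagrees with the From domain. The function names, finding labels and the naive suffix-based domain match are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: trimmed, de-garbled subsets of the two header sets on this page.
GENUINE = """\
Return-Path: <gin_2115@yahoo.com>
Authentication-Results: mta164.mail.re2.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 68.142.206.28 (HELO web32715.mail.mud.yahoo.com) (68.142.206.28) by mta164.mail.re2.yahoo.com with SMTP; Tue, 25 Oct 2005 17:20:28 -0700
Message-ID: <20051026001347.21960.qmail@web32715.mail.mud.yahoo.com>
From: "Gin" <gin_2115@yahoo.com>
Subject: Hi my friend ...

"""

FORGED = """\
Return-Path: <cluster1@diffusion.agava.com>
Authentication-Results: mta124.mail.dcn.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
Received: from 198.173.4.2 (EHLO eternity.agava.net) (198.173.4.2) by mta124.mail.dcn.yahoo.com with SMTP; Tue, 25 Oct 2005 16:45:46 -0700
Received: from diffusion.agava.com (diffusion.agava.com [198.173.4.9]) by eternity.agava.net (Postfix) with ESMTP id 8E7E115311; Tue, 25 Oct 2005 18:45:46 -0500 (CDT)
Message-Id: <20051025234546.89768BC6011@diffusion.agava.com>
From: gin_2115@yahoo.com
Subject: Hi Spyro ...

"""


def aligned(host, domain):
    """True when host is the domain itself or a subdomain of it.

    Naive suffix match (no public-suffix list); an assumption of this example.
    """
    host, domain = host.lower().rstrip("."), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def analyse(raw_headers):
    """Return a list of findings where the headers disagree with the From domain."""
    msg = message_from_string(raw_headers)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []

    # 1. Envelope sender (Return-Path) should belong to the From domain.
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    if not aligned(rp_dom, from_dom):
        findings.append("return-path-mismatch")

    # 2. The receiving server's signature verdict (DomainKeys here, DKIM today).
    verdict = re.search(r"\b(?:domainkeys|dkim)\s*=\s*(\w+)",
                        msg.get("Authentication-Results", ""), re.I)
    if not verdict or verdict.group(1).lower() != "pass":
        findings.append("signature-not-pass")

    # 3. Topmost Received line is written by the recipient's own server and names
    #    the host that handed the message over. The HELO name is sender-supplied,
    #    so a match proves little, but a mismatch is a useful signal.
    hops = msg.get_all("Received", [])
    helo = re.search(r"\((?:HELO|EHLO)\s+([^\s)]+)\)", hops[0]) if hops else None
    if not helo or not aligned(helo.group(1), from_dom):
        findings.append("relay-outside-from-domain")

    # 4. Message-ID is normally minted by the sender's own mail system.
    mid_dom = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    if not aligned(mid_dom, from_dom):
        findings.append("message-id-mismatch")

    return findings


if __name__ == "__main__":
    for label, sample in (("first email", GENUINE), ("second email", FORGED)):
        print(label, "->", analyse(sample) or "no findings")
```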





                                                               //---Closing ---//


That is my brief discussion of Fakemail, given my limitations. Better to have a little knowledge that is shared than a lot that is kept to oneself (basically stingy, you! :P). I hope it can serve as learning material for newbies (sob ... but I am also a newbie) and as a reference for the masters.

Taking Over Computers on a Network

It is not impossible to spy on all the activity on every computer in your network (school, college, office) without anyone knowing. You can even control them from afar.

A friend of mine was surprised when, while he was chatting, the messages sent to his chat partner were different from what he typed. Apparently someone had been controlling his computer from another computer and typing dirty words on it. As a result my friend was disappointed, because his chat partner ran off, feeling badly treated by him.

Some confidential data at a company office turned out to have been leaked and altered by an unknown person. How could that not happen when a computer storing important data is connected to the network? An employee who knew a few hacking tricks had sneaked into the computer. He changed the salary figures while the user was careless. He even took an important file and sent it back with the data messed up by his changes. The office realized too late that the computer had been broken into, because the admins were slow to keep up with the development of "Hacker Indonesia."

There are a variety of ways to take over someone's computer on a network:
1. Go into the manager's room without permission and take his computer (ha ha, how silly, and surely you would get fired by the boss, he he).
2. Spreading Trojans. This way is perhaps more effective, although there are many other ways.

What is a Trojan?
For those who do not know, please read S'to's book or other sources for more details. A Trojan is a file that gives us access to a specific computer once the Trojan is executed. We also need controller software that matches the Trojan.

How to get it?
Trojans can easily be downloaded from the Internet in many varieties, as described in the book Internet Art of Hacking II. But most Trojan files and their builder files can already be detected by most antivirus products, and Trojan viruses disrupt the system, so the victim quickly realizes that the computer has a virus. So, what's the solution?
You can download it here: http://www.geocities.com/anton_riyadi2002/

This Trojan virus has its own engineered code and does not interfere with the system. It also does not produce suspicious messages, as local Indonesian viruses generally do. It is suitable for beginner hackers because it is quite easy to operate.
You simply type the computer name / IP address of a computer that has been infected with the Trojan, and you have taken over the computer without the victim knowing.

Before people take over your computer, it is a good idea to know a little about how hacking techniques work.

Attention!
Hacking tools are only a means of learning hacking. The risk of criminal activity is borne by the user.

Nothing is safe in the Network. Stay Online Hacker !!!
 