More than 50 new tricks were added to the registry section on 14/01/2004.
This website gives you a full tutorial, from basics to expert level, about hacking, cracking and almost all the programming languages. After reading all the tutorials you will have answers to questions such as:
(1). What is hacking?
(2). How can I become a good hacker?
(3). How are computers connected to each other?
(4). How do you defend against a hacker?
(5). How does a virus work?
(6). How do Windows and other operating systems work?
And many more such questions.
I request you all to use this information for useful work, not for damaging someone's system or hacking an email account password other than your own. I have also provided a special tools section where you can download almost all the essential tools for hacking, cracking, virus writing and virus control.
I advise you all to go step by step: first read the tutorials on basic hacking and then move on to the next, higher level of hacking. And please don't try hacking unless and until you know hacking fully; otherwise always keep in mind that "to hack is very easy but to escape after hacking is very difficult", so try it only when you know all the details after reading the whole tutorial.
Sometimes you will get ERRORS while trying to break security, as many administrators have taken steps to prevent hacking of their systems, but don't worry: hackers have also updated their ways of getting into secure systems.
DO YOU WANT TO BE A GOOD HACKER?
THEN
READ TUTORIAL BY HackingGuru
Who is a hacker?
In the past, hackers were assumed to be the people who knew everything about computers, software as well as hardware. In those days every computer student wanted to reach the stage where people called him a hacker. But nowadays the definition of hacker has changed. Today's hacker is the antonym of the hacker of the past: they are supposed to be criminals who commit crimes with technology, using computers.
Hackers can break the security of any computer; they steal files from government websites, they hack the passwords of other people's email accounts, they spoil systems and harm people.
Hackers do not accept software applications in the form they are meant to be in; more often they find ways of making the software work the way they want it to. They change everything according to their needs. A hacker always tries to find out something new and always tries to discover what he does not know. They are like a person in the sea, searching for something without knowing what he is searching for; they are crazy about computers. The question arises: why are there so many souls who want to be hackers? The answer is simple: they want to be famous. They think that if they destroy someone's system they will become famous. But what they fail to understand is that this quick popularity is negative; it is not respect but hatred. In addition, these hackers are unwanted by system administrators and also by the police. If you try to harm anyone, you could end up in jail.
As the five fingers are not equal, not all hackers are criminals. What if a hacker told you about a vulnerability in one of your systems? You would surely respect him and be thankful for his work. Have you heard "nothing can cut a diamond except a diamond"? In the same way, "only a hacker can fight against a hacker". So you need some ethical hacking on your system to learn the weak points of your system.
Ethical hacking is nothing but hacking a system with the permission of that system's administrator, and you are paid for this type of hacking.
What is hacking?
In my view no one can describe hacking exactly. It has different meanings for different people. Hacking is nothing but breaking into security; it is the method of opening a lock without the key. Ethical hacking is a special type of hacking in which a system administrator hires a professional hacker to learn the weaknesses of their system, so that the system can resist any attack by a hacker whose aim is to harm it. Those helpful persons (hackers) are called ethical hackers.
I am not suggesting that you should stop hacking. In fact I support hacking and want more people to be in the hacking field. I myself break into systems, but only for the right reasons. Do something that does not harm others' systems; your aim must always be to make good use of your additional bit of knowledge by doing something legal, something to improve the service and quality offered by companies. This type of harmless hacking is called passive hacking, in which you break into the system but do not delete any file or redirect any page to another page; in short, you do not harm the system. The second type of hacking is active hacking, which I do not support; in this type you break into the security, delete files and do everything that is harmful to the remote system.
SHUT DOWN & RESTART THE COMPUTER IN JUST ONE CLICK
If you want to shut down your computer you have to click on the Start button and then select the Shut Down option, after which a pop-up appears and you again have to choose one of the given options. It is a time-consuming process, so why don't we find a method to shut down and restart the computer with just one click?
Go to the Desktop and right-click. A list will open; select New (mostly it is the second option from the bottom). A new list will open; select Shortcut. A pop-up window will open asking you for the command line; just type the following:
C:\WINDOWS\RUNDLL.EXE user.exe,exitwindows
Click on the Next button; it will then ask you for a name. Give it the name Shut Down. After doing all the above steps you will get a new icon on the Desktop. If you click on this icon your computer will shut down without giving any warning or pop-up.
To make a new Restart icon on the Desktop, follow the same steps except that the command line changes to the following command.
C:\WINDOWS\RUNDLL.EXE user.exe,exitwindowsexec
I think this is really a good way of exiting Windows without wasting time.
SCARE SOMEONE BY CONFIGURING HIS COMPUTER SO THAT WHENEVER IT STARTS AND THE DESKTOP BECOMES VISIBLE IT WILL GO INTO MS-DOS MODE.
Go to the Desktop, right-click and then select New. A list will open; select Shortcut. A pop-up window will open asking you for the command line; just fill in the following command.
C:\WINDOWS\COMMAND.COM
[COMMAND.COM is not a website name; it is the name of the MS-DOS command interpreter, so whenever you type command.com in the RUN menu, MS-DOS will open]
The above method will create an icon; if you click on this icon MS-DOS will open. So this icon is a shortcut for MS-DOS.
[NOTE: If you already have an icon for MS-DOS or MS-DOS Prompt on your Desktop, then you need not do any of the above steps, as they are only meant for creating a shortcut icon for MS-DOS]
Now you have an MS-DOS shortcut on the Desktop. Select it with the mouse and then right-click. A list will open; select "Properties", then click on the Program tab and then click on the Advanced button. A pop-up will open asking you for a few options. Now check the box that says "MS-DOS mode" and uncheck the box that says "Warn before entering MS-DOS mode." Then click on OK.
By the above steps we have made an icon (shortcut) by which we can enter MS-DOS mode directly, without any warning or pop-up. Now copy this icon and paste it into the "C:\WINDOWS\Start Menu\Programs\StartUp" folder.
[all the files in the above folder are executed every time Windows starts]
After doing all these steps, whenever this computer is started it will go into MS-DOS mode.
HACKING WINDOWS' BORING BLUE SCREEN SAYING Welcome to Windows 98
To do this hack you have to search for the file named C:\logo.sys. Since it is a system file (as it ends with .sys) it may be a hidden file, due to which it will not show in Windows Explorer. To open any system file you have to go into MS-DOS mode. So go to the Start button in the bottom left corner of the desktop and choose Shut Down. A pop-up window will open; select "Restart in MS-DOS mode". After all these steps you will get the black screen of MS-DOS; then do the following steps:
After typing cd\ type the following:
C:\>attrib *.sys
[The above command will give you the attributes of all the system files present in the directory. You will get a result something like the one given below]
     SHR     C:\MSDOS.sys
     SHR     C:\IO.sys
A    SHR     C:\CONFIG.sys
A    SHR     C:\logo.sys
The above output shows that the logo file (logo.sys) is present in the directory and its attributes are SHR (it means it is a system file, it is hidden and it is read-only).
As the logo.sys file is a read-only file, we can't make any change to it. To make any change we have to change its attributes by doing the following.
First go to the Windows directory (C:\WINDOWS>)
Then type the following:
C:\WINDOWS>cd\
C:\>attrib logo.sys -s -h -r
After all these steps the attributes of the logo.sys file will have changed so that it is an ordinary readable and writable file. Now we can change or edit this picture. To make changes do the following steps:
Open MSPaint and from the File menu select Open. Now open the file logo.sys (from C:\logo.sys); by these steps you will get the boring startup picture in MSPaint. Now you can easily make any change that you want.
After doing all the changes save it as C:\logo.sys. Change its attributes back to normal by typing the following command
C:\>attrib logo.sys +h +r +s
[The above command restores the logo.sys file to its original attributes, i.e., hidden, read-only system file]
For changing the boring Shut Down screen follow the same steps as above, except that in place of logo.sys do the steps with the logow.sys file.
HACKING WINDOWS LOGIN PASSWORD
It is the password set by the different users of a computer, so that whenever they log in with their username and password they get their own Windows settings.
Procedure:
To hack this password, reboot (restart) the computer. Press F8 and you will get a black screen which asks you to choose an option. Select option 7 to boot into DOS mode. After these steps you will get the black screen of MS-DOS. Then go to the Windows directory by issuing the command.
C:\>cd windows
[You will get C:\windows>]
Then either rename all files with the extension .pwl by typing the command.
C:\windows>ren *.pwl *.xyz
Or delete them by typing
C:\windows>del *.pwl
Now exit from DOS mode by issuing the command.
C:\windows>exit
Restart your computer and when the Windows password login pops up, just type anything in place of the password.
ENABLING THE FLOPPY DRIVE IF IT IS DISABLED
Many times you will find that the floppy drive is disabled, which means you can't use a floppy on that computer. Especially in school you can't use a floppy, as it is disabled. What will you do to enable the floppy drive, so that if you want to do your project or anything else at home you can copy it to a floppy and use this floppy to transfer it to the school computer? To do this just go to MS-DOS and do the following steps:
1. Type DEBUG (press Enter)
2. Type o 70 2e (press Enter)
3. Type o 71 ff (press Enter)
4. Type q (press Enter)
5. Type exit (press Enter)
After doing all the above steps, just restart your computer and you will find that the floppy drive is enabled, which means you can now copy to the floppy or transfer anything from the floppy, as you are free to use it.
HACKING YOUR OWN WINDOWS DESKTOP
To hack your desktop you have to edit the explorer.exe file (it has all the information about your desktop). But it is a system file, and we know system files are hidden and read-only, so we can't make any change to a system file directly. To make changes to a system file we have two methods:
1. Change the attributes of the system file from hidden and read-only to an ordinary writable file
OR
2. Open the system file in MS-DOS mode. But before opening it in MS-DOS we have to close Windows, so restart the computer in MS-DOS mode.
You can choose either of the above methods, but the second method is easy and simple, so I prefer it. Once you get the black DOS page, go to the Windows directory (if it is not already at the command prompt) by issuing the command.
C:\>cd windows
[You will get the prompt changes to C:\WINDOWS>]
Issue the following command
C:\WINDOWS>edit /70 explorer.exe
The above command opens the Microsoft editor (EDIT); the /70 switch loads the file as binary with 70 characters per line, which lets you edit program files. After issuing the above command you will get a blue page with the explorer.exe file, which will be very difficult to read as many weird characters are shown on the screen. Don't be afraid of such characters; you will never need to understand them.
Actually, each symbol has a numerical value that you can see at the bottom right of the screen at VALUE: ###. To see what each symbol stands for, move your cursor over the symbol and look at the bottom right of the screen at VALUE: ###. At the bottom you also see LINE: ####, which gives you the line number.
By making changes in this file you can change the text that appears anywhere in the window, even the text on the various buttons. Various lines stand for various texts; for example:
Lines 1336 to 1354 allow us to change the text of the Taskbar
Lines 2334 to 2348 deal with what appears when you click the Start button
Line 2390 deals with the text on the START button.
Let us change the text on the START button.
Go to line 2390 and search for S t a r t; you will find that a clubs symbol precedes this S t a r t. This clubs symbol has a value of 5 (it means the text after the clubs symbol must be 5 letters long). If you want to change this S t a r t into C l e a r, just delete the five letters of S t a r t and type C l e a r.
[NOTE: there is a space between each letter of S t a r t, so don't delete the spaces, just delete the letters. If by mistake you delete a blank space, then search for another blank space in the program whose value is zero, as the blank space which you deleted has a value of zero]
After making the changes just save the file to its original location and reboot your computer. You will get C l e a r in place of S t a r t.
The above is a delicate procedure, so please make a backup of the file so that if you make any mistake you can easily restore the real file.
BIOS PASSWORD HACKING
BIOS settings are the basic settings of the computer, like the number of disks, voltage control, hardware control etc. You can enter the BIOS by pressing the Del key at boot-up. You can also enter the BIOS with CTRL+ALT+ESC or only CTRL+ESC.
On some computers you will find that it asks for a password whenever you switch on the CPU. This password is called the BIOS password. If it is not set on your computer then you can set a password request by pressing Del at startup and choosing the password menu.
How to hack the BIOS password?
You can't enter the computer system without entering the BIOS password, but to hack the BIOS password you have to get into the system, which you can't do without knowing the password.
So now we will do some hardware hacking. Just open the CPU case and search for a round lithium battery; it looks like a silver coin. Remove the battery and put it back after 45 or more seconds. On some computer systems you also have to reset a jumper, so search for a 3-pin jumper and reset it.
When you switch on the computer you may sometimes get an error showing that the BIOS was reset or tampered with, but don't worry, this is not a big problem.
Hey, do you want an easy solution for BIOS password hacking?
For this purpose we have a program called Kill CMOS (it can be downloaded from www.koasp.com); it will hack the BIOS password for you.
Now you have entered the system. On most computers a Windows login password is set for the different users. For example, if a computer is used by two different users and both want different settings, they will create their own usernames and passwords, so that whenever they log in to Windows with their username and password they see Windows with their favourite settings.
How to hack the Windows login password?
I will teach you this hack in the Advanced Hacking section.
START HACKING A REMOTE SYSTEM.
Please go step by step; don't try any shortcut or ready-made software for hacking, as they will do nothing but make hacking difficult to understand. Whenever you try to search for hacking details in your favourite search engine, you will find thousands of websites in the output, and when you click on any of them you will probably find a website with a black background and atrocious font colours and sizes, sites with skull images, with many advertisements and nothing useful for you. In short, you will get nothing from this type of search. So please don't waste your time on those search engines. Hacking involves the following steps:
(1). Getting the IP of the victim's computer.
(2). Collecting information about the victim's OS (operating system) and its version.
(3). Collecting information about the various services running on the victim's system.
(4). Scanning for open ports on the victim's system.
(5). Searching for shared files or open hackable directories.
(6). Getting access to the remote system.
(7). Getting control.
(8). Destroying the victim's system and its services.
(9). Removing traces, or escaping.
What is the IP address of a computer?
In this world everyone has a specific address for his/her home. This address is different for two different persons, and if you post letters to two of your friends, mentioning their respective addresses on the envelopes, the letters reach your friends because of their home addresses. The same is true of computers: if you want to connect to a specific computer, how will your system know where to connect?
Every computer has a specific number, which is called the IP address of the computer; this IP differentiates it from other computers. An IP address is written in dotted-decimal notation, which divides the 32-bit Internet address into four 8-bit fields.
For example
192 . 168 . 202 . 06
|_____________|   |__|
  NETWORK NO.    HOST NO.
IP addresses are of the following two types:
1. Permanent IP: nowadays an Internet connection may be provided over a cable, and then you get an IP which is permanent. Whenever you connect to the Internet, your IP remains the same.
2. Dynamic IP: many of us connect to the Internet with a modem and telephone line. In this case your ISP (Internet service provider) gives you a dynamic IP. It changes whenever you connect to the Internet: your ISP assigns you a temporary IP each time you connect. You may notice that your IP address has the same first 24 bits and only the last 8 bits keep changing; for example, if the IP is xxx.yyy.aaa.bbb then aaa.bbb will change but xxx.yyy will remain the same whenever you connect to the Internet.
NOTE: 127.0.0.1 is reserved for the loopback function; it means that if you try to telnet (connect) to 127.0.0.1, the telnet client will try to connect to your own computer.
To hack any computer you must know whether the target system has a permanent or a dynamic IP.
If it has a dynamic IP address then it changes each time the target connects to the Internet. To check whether an IP address is static or dynamic, use the name-mapping tool nslookup: nslookup hostname, where hostname is replaced by the IP address. If the output (result) is "non-existent host/domain" then the IP address is dynamic; otherwise it is static (permanent).
In short, check the IP of the target system 2-3 times at intervals; if you find the same IP each time it means it is a permanent (static) IP, otherwise it is a dynamic IP.
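A worked illustration of the dotted-decimal format, the network/host split drawn above, the loopback block, and the "same address each time" rule of thumb, written as an added example for this section (it is not code from the original tutorial). It generalizes the rule slightly by reporting how many leading bits stayed fixed across the observed addresses; all sample addresses are constructed.

```python
def parse_ipv4(text):
    """Parse dotted-decimal text into the 32-bit integer it encodes.

    Each of the four fields is one 8-bit value (0..255). A leading zero, as in
    the page's 192.168.202.06, is read as plain decimal here.
    """
    fields = text.strip().split(".")
    if len(fields) != 4:
        raise ValueError("expected four fields: %r" % text)
    value = 0
    for field in fields:
        if not field.isdigit() or int(field) > 255:
            raise ValueError("field must be 0..255: %r" % field)
        value = (value << 8) | int(field)
    return value


def to_dotted(value):
    """Inverse of parse_ipv4: 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_network_host(text, prefix_len):
    """Return (network number, host number) for a /prefix_len mask.

    With prefix_len=24 the first three fields are the network number and the
    last field is the host number, which is the split shown in the figure.
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    addr = parse_ipv4(text)
    return to_dotted(addr & mask), addr & ~mask & 0xFFFFFFFF


def is_loopback(text):
    """127.x.x.x is the loopback block: connecting there reaches your own host."""
    return (parse_ipv4(text) >> 24) == 127


def common_prefix_bits(addresses):
    """How many leading bits all the observed addresses share.

    For a dial-up user whose ISP hands out addresses from one pool this is
    typically 24, i.e. only the last 8-bit field changes between connections.
    """
    values = [parse_ipv4(a) for a in addresses]
    bits = 32
    for v in values[1:]:
        diff = v ^ values[0]
        while diff >> (32 - bits) != 0:   # shrink until the prefixes agree
            bits -= 1
    return bits


def classify(addresses):
    """The page's rule of thumb: same IP on every connection -> static,
    otherwise dynamic. Also reports the stable prefix length in bits."""
    if len(set(parse_ipv4(a) for a in addresses)) == 1:
        return "static", 32
    return "dynamic", common_prefix_bits(addresses)


if __name__ == "__main__":
    # Constructed sample: three dial-up sessions from the same ISP pool.
    sessions = ["203.0.113.17", "203.0.113.201", "203.0.113.64"]
    print(split_network_host("192.168.202.06", 24))
    print(classify(sessions))
    print(is_loopback("127.0.0.1"))
```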
How to get the IP of the target system?
Suppose you want to find out the IP of www.hotmail.com. Open MS-DOS and issue the following command
C:\WINDOWS>ping -t hotmail.com
OR
C:\>ping -t hotmail.com
You will get a result something like this
Pinging hotmail.com [64.4.32.7] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 64.4.32.7:
    Packets: Sent = 5, Received = 0, Lost = 5 (100% loss),
In the above output you can easily see that the IP of hotmail.com is 64.4.32.7. If you want more detailed options of the ping command then issue the following command.
C:\>ping
You will get the following output.
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] [-k host-list]]
[-w timeout] target_name
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
TRACERT Tool
When you type www.google.com in the browser window, your request passes through a large number of computers before reaching google.com. To find the IPs of all these computers we have the tracert command. Simply issue the following command.
C:\WINDOWS>tracert
You will get the following output
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
Options:
-d Do not resolve addresses to hostnames.
-h maximum_hops Maximum number of hops to search for target.
-j host-list Loose source route along host-list.
-w timeout Wait timeout milliseconds for each reply.
If you want to find the systems between you and target.com, issue the following command
C:\WINDOWS>tracert target.com
You will get a result somewhat similar to the one below.
Tracing route to target.com [161.225.130.95]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * *
Now you can easily conclude that target.com has 161.225.130.95 as its IP address.
How to get the IP address of a victim by chatting? (Use of the NETSTAT tool)
There is a very interesting tool called netstat, which gives the list of open ports on your computer and your IP address. Issue the following command
C:\WINDOWS>netstat -a
It will also give you the IP of the host you are connected to and the ports on which you are connected (we will discuss ports in detail later). To get more information about the host you are connected to, type the command
C:\WINDOWS>nbtstat -A <IP address>
The above command will give you a list of usernames, system names and domains.
To get the detailed options of the nbtstat command, issue the following command
C:\WINDOWS>nbtstat
The output will be
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
addresses
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh
RemoteName Remote host machine name.
IP address Dotted decimal representation of the IP address.
interval Redisplays selected statistics, pausing interval seconds
Between each display. Press Ctrl+C to stop redisplaying
So, by chatting: suppose you are chatting on a messenger with a personX whose IP address you want to find out. If you give the netstat command while you are online chatting, you will get the IPs of the computers you are connected to, that is personX's IP. But many messengers do not work like this; these messengers do not make a direct connection between your computer and personX's computer, so in this case if you issue the netstat command the output will give you the IP of the messenger server, not of personX. To get the IP of personX with this type of messenger, just send a file to personX and you will be in direct connection with personX; now issue the netstat command while the file transfer is still running, and the output will give you the IP of personX.
How to get an IP by using EMAIL?
By reverse DNS and by reading the email header we can also find the IP of the person who sent us an email. We will discuss it in the Advanced Hacking section, as it is a little bit complex and needs detailed study.
Getting information about the owner of an IP
One of the best and most famous tools is the whois query. When someone purchases an IP address he submits a form; in this form the owner gives his/her details. The owner gives this information to the registrar and the registrar submits it to whois.
Suppose you want to find out the details about www.target.com; enter the following in the location bar of your browser.
http://205.177.25.9/cgi-bin/whois?target.com
and you will get the output with all the necessary details you want about the owner of the IP.
You can also get the same information by using the whois query tool on www.samspade.com.
Getting information about the Operating System and its version
There are many tools for finding out the OS (operating system) of the target machine; we will discuss many such famous and helpful tools for hackers one by one.
telnet
Telnet gives the simplest method of connecting to a remote system on a specific port. Suppose you want to connect to hotmail.com on port 80; issue the following command.
C:\WINDOWS>telnet hotmail.com 80
(hotmail.com is the target system; 80 is the port)
To just open the telnet client, type telnet in the RUN menu; a white telnet client window will open. Click on the Connect menu and provide the IP address or hostname of the computer to which you want to connect.
Suppose you want to connect to yahoo.com on port 80; then type any of the following commands.
GET / HTTP/1.1
POST / HTTP/1.1
HEAD / HTTP/1.1
The above commands request the yahoo.com main page, but if you want the yahoo.com/aboutus.html page then issue the following command.
GET /aboutus.html HTTP/1.1
HOW CAN WE KNOW THE OPERATING SYSTEM NAME AND VERSION OF THE TARGET MACHINE?
Just connect to the target machine by telnet on port 80 (by issuing any of the three commands discussed earlier). After getting connected to the target machine, just type anything, for example h, and then press ENTER twice; you will get a response in which you find the desired operating system name and its version.
In the above output you get the name of the OS and its version, which is what you want for hacking.
You can also get the OS name and version by using the netcat tool. Issue the command (after downloading the netcat tool)
C:\>nc -vv www.target.com 80
Then type
GET /target.html HTTP/1.1
There are various other tools with which we can also find the OS name and version; some of these tools will be discussed under later headings.
Port Scanning
From this step illegal hacking starts. Port scanning is the method of scanning the target, either with scanning software or manually, to get the list of open ports. If you do it manually it will consume much more time, so I suggest that a newbie start with a professional port scanner.
Some of the most widely used port scanners are listed below.
1. Nmap
2. Satan
3. Nmapfe
4. THC-Amap
5. NetScan Tools
6. SuperScan
7. ScanLine
8. IPEye
9. WUPS
10. UDP-Scan
11. Hping
Most port scanners boast of being untraceable, but in my view all port scanners are detectable, and if the host is running the right kind of sniffer software, like EtherPeek, then the scan can easily be detected. If you are found scanning someone's system you have no excuse and you might end up in jail, as it is a cyber crime.
DETAILED PORT SCANNING
It is the method of finding open ports on the target system, as we have already discussed under the basic hacking heading. In this section we will discuss a deeper approach to port scanning.
1. How does a port scanner work?
2. Making your own port scanner
3. Making a scan untraceable
4. Important scanners
A port scanner sends a TCP flag (any one of those listed below):
1. SYN - synchronizes sequence numbers to initiate a connection
2. ACK - the acknowledgment number is valid
3. RST - resets the connection
4. PSH - the data should be passed to the application as soon as possible
5. URG - indicates that some urgent data has been placed; it is called the urgent flag
6. FIN - the finish flag, to close the connection at any time
Suppose I send a SYN to the target system and it replies with a SYN/ACK. It means the target is listening, or alive.
I will clear all your doubts by taking the example of the most widely used scanner, Nmap. This tool offers various techniques from which you can choose. You can scan for hosts that are up, TCP ports, UDP ports and IP protocols.
Searching for a Vulnerability in a Remote System
To attack your enemy you must know your enemy's weak point; the same is true of a computer attack. To hack a system you must know where the weakness in the system is, which means you have to search for a vulnerability in the target system.
How to search for a vulnerability in the victim's computer (system) will be discussed in Advanced Hacking; here we will do it with some software. A large number of programs are available; one of these remote vulnerability scanners is Nessus. It scans a network for known network misconfigurations and application vulnerabilities.
Famous tools for scanning for vulnerabilities in a remote system are:
1. Nessus
2. STAT
3. Retina
4. Internet Scanner
5. Tripwire
6. Whisker
7. Nikto
8. Twwwscan
9. Stealth HTTP Scanner
10. Triphon
11. AppScan
12. FoundScan
Sniffers
These are tools to capture data on a particular network. A sniffer will capture all your emails, passwords, chats and requests; everything that you type or send can be captured by a sniffer.
Hey, now perhaps you are thinking that if a sniffer can capture all material, even passwords, then why is hacking so difficult? The answer is that nowadays the data sent and received is encrypted; using a sniffer is like tapping someone's phone.
The most commonly used sniffers are:
1. BUTTSniffer
2. tcpdump and WinDump
3. Ethereal
4. dsniff
5. Ettercap
6. Snort (an intrusion detection system)
7. sniffit
Access to the Target System
This is the first step in trying to control a target system. There are many tools available in the market with which you can get access to a remote computer.
For example, Virtual Network Computing (VNC), which was written by AT&T Laboratories to allow a user complete control of a computer remotely.
This VNC software is a combination of two parts: one is the client and the other is the server. If you want control over machineX, then by any method get the server part of VNC onto machineX and download the client part of VNC to your computer.
Check how VNC works and more options in the Advanced Hacking section.
The most popularly used software for remote access to a computer are:
1. VNC
2. NetBus
3. Back Orifice
4. SubSeven
5. Loki
6. STCP Shell
7. Knark
(NOTE: There are various methods of getting the server part onto the target machine, for example by sending it hidden in an email or by sending suitable batch files etc.)
To be a good hacker you must know the detail of networking TCP connection. In this section I will teach how two computers connects to each other. A sample TCP conversation between client and server is given below.
(1). Client sends SYN to server " I want to connect".
(2). Server sends SYN/ACK to client " okay I need to connect to you"
(3). Client sends ACK to server " okay".
(4). Client and server transmit the data to each other, by acknowledging each other’s transmission with ACK. If either side send an RST, the connection aborts (break) immediately.
(5). Client has finished the conversation client send FIN to server " good bye"
(6). Server sends ACK to client (Acknowledging) clients fin, server then sends a separate fin to client " okay good bye"
(7). Client sends ACK to server (Acknowledging server’s fin) " okay".
Flag: Usage in connection
SYN: Used to start a TCP connection
ACK: Used as an acknowledgment of receipt
FIN: Used to finish (close) a TCP connection
RST: Used to abort a TCP connection
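The seven-step exchange above, simulated in Python as an added example (not code from the original tutorial). Each endpoint keeps only its connection state and reacts to the flags it receives; state names are the standard TCP ones, and the RST path shows the abort in step 4. Everything is in memory, no real sockets are used.

```python
SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"
F = frozenset   # a segment is the frozenset of flags it carries

# (current state, flags received) -> (next state, segments sent in reply); step numbers refer to the list above
TRANSITIONS = {
    ("LISTEN",      F({SYN})):      ("SYN_RCVD",    [F({SYN, ACK})]),        # step 2
    ("SYN_SENT",    F({SYN, ACK})): ("ESTABLISHED", [F({ACK})]),             # step 3
    ("SYN_RCVD",    F({ACK})):      ("ESTABLISHED", []),                     # step 3, server side
    ("ESTABLISHED", F({FIN})):      ("LAST_ACK",    [F({ACK}), F({FIN})]),   # step 6
    ("FIN_WAIT_1",  F({ACK})):      ("FIN_WAIT_2",  []),                     # step 6, client side
    ("FIN_WAIT_2",  F({FIN})):      ("CLOSED",      [F({ACK})]),             # step 7 (TIME_WAIT omitted)
    ("LAST_ACK",    F({ACK})):      ("CLOSED",      []),                     # step 7, server side
}

class Endpoint:
    def __init__(self, listening=False):
        self.state = "LISTEN" if listening else "CLOSED"

    def send(self, flags, new_state):
        """Active side: SYN (step 1), FIN (step 5) or RST (step 4)."""
        self.state = new_state
        return F(flags)

    def receive(self, seg):
        """Apply one received segment and return the segments to send back."""
        if RST in seg:                      # step 4: RST aborts at once, whatever the state
            self.state = "CLOSED"
            return []
        if (self.state, seg) not in TRANSITIONS:
            return [F({RST})]               # segment makes no sense in this state: abort
        self.state, replies = TRANSITIONS[(self.state, seg)]
        return replies

def exchange(sender, receiver, segments):
    """Deliver segments, feed the replies back the other way, until both sides are quiet."""
    while segments:
        replies = [r for seg in segments for r in receiver.receive(seg)]
        sender, receiver, segments = receiver, sender, replies

def run_session(abort_with_rst=False):
    """Open a connection, then close it (steps 5-7) or abort it (step 4).
    Returns the (client, server) states after the open and after the close."""
    client, server = Endpoint(), Endpoint(listening=True)
    exchange(client, server, [client.send({SYN}, "SYN_SENT")])       # steps 1-3
    opened = (client.state, server.state)
    if abort_with_rst:
        exchange(client, server, [client.send({RST}, "CLOSED")])     # step 4
    else:
        exchange(client, server, [client.send({FIN}, "FIN_WAIT_1")]) # steps 5-7
    return opened, (client.state, server.state)
```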
Now we will discuss TCP/IP in more depth.
Transmission Control Protocol / Internet Protocol, or TCP/IP, is a collection or suite of various protocols. A protocol is basically the set of commands or instructions using which two computers within a local network or on the Internet can exchange or transmit data and other information.
TCP/IP is made up of various layers; layering reduces the design complexity of a network. Each layer is built upon the one below it. The number of layers, the name of each layer, the contents of each layer and the function of each layer differ from one network to another. The most important layers are given below.
Link Layer
Network Layer
Transport Layer
Application Layer
Physical Layer
We will discuss the functions and working of each layer separately and in detail under the next heading.
Suppose a network has n layers. Layer n on one machine carries on a conversation with layer n on another machine. The rules and conventions used in this conversation are collectively known as the layer n protocol.
Take the example of a five-layer network as shown in the figure. The entities comprising the corresponding layers on different machines are called peers. In other words, it is the peers that communicate using the protocol.
TCP/IP may be broadly divided into the following layers, one above the other, to provide flexibility in their functions and to ease data transmission.
1. The Internet Layer: This layer is the linchpin that holds the whole architecture together. Its job is to permit hosts to inject packets into any network and have them travel independently to the destination. This layer defines an official packet format and protocol called IP (Internet Protocol).
2. Transport Layer: This layer is found just above the Internet layer in the TCP/IP model. Its function is to allow peer entities on the source and destination hosts to carry on a conversation.
3. Application Layer: On top of the transport layer is the application layer. It contains all the higher-level protocols, e.g., Telnet, FTP, SMTP, DNS, NNTP, HTTP, etc.
4. The Host-to-Network Layer: Below the Internet layer is a great void. The TCP/IP reference model does not really say much about what happens here, except to point out that the host has to connect to the network using some protocol so it can send IP packets over it. This protocol is not defined and varies from host to host and network to network. You will rarely find anything about it except on my website.
[NOTE: The TCP/IP model does not have session or presentation layers.]
For comparison, the seven layers of the OSI reference model are described below.
Physical Layer: this layer is concerned with transmitting raw bits over a communication channel. We have to make sure that when one side sends a 1 bit, the other receives it as a 1 bit, not as a 0 bit.
Data Link Layer: this layer is concerned with taking a raw transmission facility and transforming it into a line that appears free of undetected transmission errors to the network layer.
Network Layer: this layer is concerned with controlling the operation of the subnet.
Transport Layer: its job is to accept data from the session layer, split it up into smaller units if need be, pass these to the network layer, and ensure that the pieces all arrive correctly at the other end.
Session Layer: it allows users on different machines to establish sessions between them. A session allows ordinary data transport, as does the transport layer, but it also provides enhanced services useful in some applications, e.g., token management.
Presentation Layer: it performs certain functions that are requested sufficiently often to warrant finding a general solution for them, rather than letting each user solve the problems.
Application Layer: it contains a variety of protocols that are commonly needed.
Basically, a protocol is an agreement between the communicating parties on how communication is to proceed. Imagine that when a woman is introduced to a man, she may choose to stick out her hand. He in turn may decide either to shake it or kiss it, depending, for example, on whether she is an American lawyer at a business meeting or a European princess at a formal ball.
TCP/IP (Transmission Control Protocol / Internet Protocol) is a suite or combination of various protocols. TCP/IP grew out of the ARPAnet.
[ARPAnet was a research network sponsored by the DoD (U.S. Department of Defense). It eventually connected hundreds of universities and government installations using leased telephone lines. When satellite and radio networks were added later, the existing protocols had trouble interworking with them, so a new reference architecture was needed. Thus a new architecture was developed, which is the TCP/IP model.]
In reality, no data are directly transferred from layer n on one machine to layer n on another machine. Instead, each layer passes data and information to the layer immediately below it until the lowest layer is reached; below layer 1 is the physical medium through which actual communication occurs.
A set of layers and protocols is called a network architecture, and the list of protocols used by a certain system, one protocol per layer, is called a protocol stack.
Data transmission between the layers.
Suppose a message M is produced by an application process running in layer 5 and given to layer 4 for transmission. Layer 4 puts a header in front of the message to identify it and passes the result to layer 3. The header includes control information, such as sequence numbers, to allow layer 4 on the destination machine to deliver messages in the right order if the lower layers do not maintain sequence. In some layers, headers also contain sizes, timers, and other control fields. Usually layer 4 has no size limit and can transmit large messages, but layer 3 has a size limit. This means layer 3 must break up the incoming messages into smaller parts (packets), prepending a layer 3 header to each packet. In this example M is split into two parts, M1 and M2.
Layer 3 decides which of the outgoing lines to use and passes the packets to layer 2. Layer 2 adds not only a header to each piece but also a trailer, and gives the resulting unit to layer 1 for physical transmission. At the receiving machine the message moves upward from layer to layer, with headers being stripped off as it progresses. None of the headers for layers below n is passed up to layer n.
Data travels from one layer to another as already discussed. Sometimes errors occur during data transmission; these are:
1. Data loss: it occurs when the packets that constitute the data to be transferred do not reach the destination.
2. Data corruption: it occurs when data gets corrupted before reaching the destination.
How data is corrupted?
Only small packets of data can be transmitted on the network, so whenever we send data it gets broken up at the source into small packets in a particular sequence. These packets have to travel a large distance before reaching the destination, and during this journey they are free to move independently on the net, so sometimes when data reaches the destination it arrives out of sequence. In this way the data gets corrupted.
In this way data can easily be corrupted while transferring between two machines.
How can we control data corruption?
There are many error-controlling services; whenever corrupted data is detected, they ask the source to resend the packets. We will discuss various such services later in the Advanced Section.
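The encapsulation described under "Data transmission between the layers" and the two error kinds listed above, as one added Python example (not code from the original tutorial): a layer-4 sequence header, layer-3 splitting into M1, M2, ..., a layer-2 header plus checksum trailer, and a receiver that strips the headers, reorders fragments that arrive out of sequence, and reports loss or corruption. The 8-byte layer-3 limit and the CRC32 trailer are assumptions chosen for the demonstration.

```python
import struct
import zlib

L3_MAX_PAYLOAD = 8   # constructed layer-3 size limit, tiny so that M is split into M1, M2, ...

def l4_send(message, seq=1):
    # layer 4: prepend a 2-byte sequence number; this layer has no size limit
    return struct.pack("!H", seq) + message

def l3_send(pdu):
    # layer 3: split into pieces and prepend (index, total) so the peer can reorder them
    pieces = [pdu[i:i + L3_MAX_PAYLOAD] for i in range(0, len(pdu), L3_MAX_PAYLOAD)]
    return [struct.pack("!BB", i, len(pieces)) + p for i, p in enumerate(pieces)]

def l2_send(pdu):
    # layer 2: header = payload length, trailer = CRC32 over header and payload (assumed here)
    frame = struct.pack("!H", len(pdu)) + pdu
    return frame + struct.pack("!I", zlib.crc32(frame))

def l2_receive(frame):
    # check and strip the trailer, then the header; a CRC mismatch means corruption
    body, (crc,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("data corruption: layer-2 checksum mismatch")
    return body[2:]

def l3_receive(fragments):
    # reassemble by fragment index, so arrival order does not matter
    parts, total = {f[0]: f[2:] for f in fragments}, fragments[0][1]
    lost = [i for i in range(total) if i not in parts]
    if lost:
        raise ValueError(f"data loss: fragments {lost} never arrived")
    return b"".join(parts[i] for i in range(total))

def deliver(message, drop=None, corrupt=None):
    """Send M down one stack and up the other; return ("ok", M) or ("error", reason)."""
    frames = [l2_send(f) for f in l3_send(l4_send(message))]
    if drop is not None:
        del frames[drop]                    # simulate a frame lost on the wire
    if corrupt is not None:                 # simulate one flipped payload byte
        damaged = bytearray(frames[corrupt])
        damaged[4] ^= 0xFF
        frames[corrupt] = bytes(damaged)
    frames.reverse()                        # fragments arrive out of sequence
    try:
        pdu = l3_receive([l2_receive(f) for f in frames])
        return "ok", pdu[2:]                # strip the layer-4 header (sequence number)
    except ValueError as err:
        return "error", str(err)
```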
IP SPOOFING
To understand this topic you must go through the details in the TCP/IP and Networking section. It is a technique by which you can hide your IP from the target system; in other words, the target system will think that it is receiving data from a source other than you. It means sending data to a remote host so that it believes the data is coming from a computer whose IP address is something other than yours.
Before discussing the details of IP spoofing I want to tell you that it is one of the most exciting topics of hacking and also one of the most difficult. Doing IP spoofing from a Windows system is almost impossible. One more point: although by IP spoofing you are able to send spoofed datagrams to a remote host, the remote host will reply not to your REAL IP but to the FAKE IP you made your datagram seem to have come from.
Let us take an example to show the problem with IP spoofing.
Suppose your real IP is aaa.aa.aaa, your spoofed IP (fake IP) is bbb.bb.bbb, and you are sending data to xxx.xx.xxx. At the beginning of the connection the victim will try to establish a TCP connection and will send an ACK message to the FAKE IP (bbb.bb.bbb). Now if the imaginary IP which we created for spoofing exists (as someone's real IP) and it receives the ACK message (sent by the victim), then it will reply with a FIN message, ending the connection and allowing no further communication between FAKE and victim. The second case arises if the imaginary (FAKE) IP address which we created for spoofing does not exist; then the ACK message sent by the VICTIM will not get any reply and the connection will time out. As in the above discussion our REAL IP address is not getting any packet (message), so we will not get any clue whether we have succeeded in IP spoofing or not.
How can we spoof an IP?
First of all we must know how a packet travels from source to destination; all the details about its journey are found in the header. Headers contain the source and destination IP addresses and port numbers, so that the network knows where the packet should go and the destination knows where the packet has come from and where to respond. Now our system is behaving as the source, which means that for IP spoofing we have to change the source IP address. Let us see the IP header of a datagram.
+---------+---------+-----------------+-------------------+
| Version |   IHL   | Type of service |   Total length    |
+---------+---------+-----------------+-------------------+
|   Identification  |  Flags  |     Fragment offset       |
+-------------------+---------+---------------------------+
|  Time to live     |  Protocol       |  Header checksum  |
+-------------------+-----------------+-------------------+
|                    Source address                       |
+---------------------------------------------------------+
|                  Destination address                    |
+---------------------------------------------------------+
|   TCP header, then the actual data being transferred    |
+---------------------------------------------------------+
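A receiver-side parser for the header drawn above, as an added Python example (not code from the original tutorial). The 20-byte sample header is constructed for the example using RFC 5737 documentation addresses. The parser verifies the header checksum, which catches a header corrupted in transit; it cannot tell whether the source address field is genuine, which is the weakness the text goes on to describe.

```python
import struct
import ipaddress

# Constructed 20-byte header: TCP (protocol 6), TTL 64, DF flag set,
# from 192.0.2.10 to 198.51.100.20 (RFC 5737 documentation addresses).
SAMPLE_HEADER = bytes.fromhex("4500 0028 1c46 4000 4006 3238 c000 020a c633 6414")

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum of the 16-bit words (RFC 791); a good header sums to 0."""
    words = struct.unpack("!%dH" % (len(header) // 2), header)
    total = sum(words)
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(raw: bytes) -> dict:
    """Split the fixed 20-byte header into the fields of the diagram above."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a complete IPv4 header")
    if ip_checksum(raw[:ihl]) != 0:          # corrupted in transit: must be discarded
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "type_of_service": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }

def accept(raw: bytes):
    """Receiver-side check: the parsed header, or None if the datagram must be dropped."""
    try:
        return parse_ipv4_header(raw)
    except ValueError:
        return None
```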
We have to change the source address. For this we also have to guess the sequence number, which is a very difficult process. The TCP header that follows the IP header contains these fields:
Source port
Destination port
Sequence number
Acknowledgment number
LEN (header length)
Unused (reserved bits)
Window size
Checksum
Urgent pointer
I will discuss this heading in the next section, in the advanced hacking section.